HP A5830 Switch Series Layer 3 - IP Services. Command Reference. Abstract

Transcription

1 HP A5830 Switch Series Layer 3 - IP Services Command Reference Abstract This document describes the commands and command syntax options available for the HP A Series products. This document is intended for network planners, field technical support and servicing engineers, and network administrators who work with HP A Series products. Part number: Software version: Release 1109 Document version: 6W

2 Legal and notice information Copyright 2011 Hewlett-Packard Development Company, L.P. No part of this documentation may be reproduced or transmitted in any form or by any means without prior written consent of Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice. HEWLETT-PACKARD COMPANY MAKES NO WARRANTY OF ANY KIND WITH REGARD TO THIS MATERIAL, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. Hewlett-Packard shall not be liable for errors contained herein or for incidental or consequential damages in connection with the furnishing, performance, or use of this material. The only warranties for HP products and services are set forth in the express warranty statements accompanying such products and services. Nothing herein should be construed as constituting an additional warranty. HP shall not be liable for technical or editorial errors or omissions contained herein.

3 Contents ARP configuration commands 1 arp max-learning-num 1 arp static 2 arp timer aging 2 display arp 3 display arp ip-address 4 display arp timer aging 5 mac-address station-move 6 reset arp 6 Gratuitous ARP configuration commands 8 arp send-gratuitous-arp 8 gratuitous-arp-sending enable 9 gratuitous-arp-learning enable 9 Proxy ARP configuration commands 11 display local-proxy-arp 11 display proxy-arp 11 local-proxy-arp enable 12 proxy-arp enable 13 IP addressing configuration commands 14 display ip interface 14 display ip interface brief 16 ip address 18 DHCP server configuration commands 20 bims-server 20 bootfile-name 20 dhcp enable 21 dhcp server apply ip-pool 22 dhcp select server global-pool 22 dhcp server detect 23 dhcp server forbidden-ip 24 dhcp server ip-pool 25 dhcp server ping packets 26 dhcp server ping timeout 26 dhcp server relay information enable 27 dhcp server threshold 28 display dhcp server conflict 29 display dhcp server expired 29 display dhcp server free-ip 31 display dhcp server forbidden-ip 31 display dhcp server ip-in-use 32 display dhcp server statistics 34 display dhcp server tree 35 dns-list 37 domain-name 38 expired 38 forbidden-ip 39 gateway-list 40 iii

4 nbns-list 41 netbios-type 41 network 42 network ip range 43 network mask 44 next-server 44 option 45 reset dhcp server conflict 46 reset dhcp server ip-in-use 46 reset dhcp server statistics 47 static-bind client-identifier 47 static-bind ip-address 48 static-bind mac-address 49 tftp-server domain-name 50 tftp-server ip-address 51 vendor-class-identifier 51 voice-config 52 DHCP relay agent configuration commands 54 dhcp relay address-check enable 54 dhcp relay check mac-address 55 dhcp relay client-detect enable 55 dhcp relay information circuit-id format-type 56 dhcp relay information circuit-id string 57 dhcp relay information enable 57 dhcp relay information format 58 dhcp relay information remote-id format-type 59 dhcp relay information remote-id string 60 dhcp relay information strategy 60 dhcp relay release ip 61 dhcp relay security static 62 dhcp relay security refresh enable 62 dhcp relay security tracker 63 dhcp relay server-detect 64 dhcp relay server-group 64 dhcp relay server-select 65 dhcp select relay 66 display dhcp relay 67 display dhcp relay information 68 display dhcp relay security 69 display dhcp relay security statistics 70 display dhcp relay security tracker 71 display dhcp relay server-group 72 display dhcp relay statistics 72 reset dhcp relay statistics 74 DHCP client configuration commands 76 display dhcp client 76 ip address dhcp-alloc 78 DHCP snooping configuration commands 80 dhcp-snooping 80 dhcp-snooping binding database filename 80 dhcp-snooping binding database update interval 81 dhcp-snooping binding database update now 82 dhcp-snooping check mac-address 82 iv

5 dhcp-snooping check request-message 83 dhcp-snooping information circuit-id format-type 84 dhcp-snooping information circuit-id string 84 dhcp-snooping information enable 85 dhcp-snooping information format 86 dhcp-snooping information remote-id format-type 87 dhcp-snooping information remote-id string 87 dhcp-snooping information strategy 88 dhcp-snooping trust 89 display dhcp-snooping 90 display dhcp-snooping binding database 91 display dhcp-snooping information 92 display dhcp-snooping packet statistics 93 display dhcp-snooping trust 94 reset dhcp-snooping 95 reset dhcp-snooping packet statistics 95 BOOTP client configuration commands 96 display bootp client 96 ip address bootp-alloc 97 IPv4 DNS configuration commands 98 display dns domain 98 display dns host 99 display dns server 100 display ip host 101 dns domain 102 dns resolve 103 dns server 103 ip host 104 reset dns host 105 IP performance optimization configuration commands 106 display fib 106 display fib ip-address 108 display icmp statistics 109 display ip socket 110 display ip statistics 114 display tcp statistics 115 display udp statistics 118 ip forward-broadcast (interface view) 119 ip forward-broadcast (system view) 120 ip redirects enable 120 ip ttl-expires enable 121 ip unreachables enable 121 reset ip statistics 122 reset tcp statistics 122 reset udp statistics 123 tcp path-mtu-discovery 123 tcp timer fin-timeout 124 tcp timer syn-timeout 125 tcp window 125 UDP Helper configuration commands 127 display udp-helper server 127 reset udp-helper packet 127 udp-helper enable 128 v

6 udp-helper port 129 udp-helper server 129 IPv6 basics configuration commands 131 display ipv6 fib 131 display ipv6 fib ipv6-address 132 display ipv6 interface 134 display ipv6 nd snooping 138 display ipv6 neighbors 139 display ipv6 neighbors count 141 display ipv6 pathmtu 142 display ipv6 socket 143 display ipv6 statistics 145 display tcp ipv6 statistics 148 display tcp ipv6 status 151 display udp ipv6 statistics 152 ipv6 153 ipv6 address 154 ipv6 address anycast 154 ipv6 address auto 155 ipv6 address auto link-local 156 ipv6 address eui ipv6 address link-local 157 ipv6 hoplimit-expires enable 158 ipv6 icmp-error 159 ipv6 icmpv6 multicast-echo-reply enable 159 ipv6 nd autoconfig managed-address-flag 160 ipv6 nd autoconfig other-flag 160 ipv6 nd dad attempts 161 ipv6 nd hop-limit 162 ipv6 nd ns retrans-timer 162 ipv6 nd nud reachable-time 163 ipv6 nd ra halt 164 ipv6 nd ra interval 164 ipv6 nd ra no-advlinkmtu 165 ipv6 nd ra prefix 166 ipv6 nd ra router-lifetime 166 ipv6 nd snooping enable 167 ipv6 nd snooping max-learning-num 168 ipv6 neighbor 168 ipv6 neighbor stale-aging 169 ipv6 neighbors max-learning-num 170 ipv6 pathmtu 171 ipv6 pathmtu age 171 ipv6 prefer temporary-address 172 ipv6 unreachables enable 173 reset ipv6 nd snooping 173 reset ipv6 neighbors 174 reset ipv6 pathmtu 174 reset ipv6 statistics 175 reset tcp ipv6 statistics 175 reset udp ipv6 statistics 176 tcp ipv6 timer fin-timeout 176 tcp ipv6 timer syn-timeout 177 tcp ipv6 window 177 vi

7 DHCPv6 configuration commands 179 DHCPv6 common configuration commands 179 display ipv6 dhcp duid 179 DHCPv6 relay agent configuration commands 179 display ipv6 dhcp relay server-address 179 display ipv6 dhcp relay statistics 181 ipv6 dhcp relay server-address 182 reset ipv6 dhcp relay statistics 183 DHCPv6 client configuration commands 184 display ipv6 dhcp client 184 display ipv6 dhcp client statistics 185 reset ipv6 dhcp client statistics 187 DHCPv6 snooping configuration commands 187 display ipv6 dhcp snooping trust 187 display ipv6 dhcp snooping user-binding 188 ipv6 dhcp snooping enable 189 ipv6 dhcp snooping max-learning-num 189 ipv6 dhcp snooping trust 190 ipv6 dhcp snooping vlan enable 191 reset ipv6 dhcp snooping user-binding 191 Tunneling configuration commands 193 default 193 description 193 destination 194 display interface tunnel 195 display ipv6 interface tunnel 198 encapsulation-limit 202 interface tunnel 203 mtu 203 reset counters interface 204 service-loopback-group 204 service 205 shutdown 206 source 207 tunnel bandwidth 208 tunnel discard ipv4-compatible-packet 208 tunnel-protocol 209 Support and other resources 211 Contacting HP 211 Subscription service 211 Related information 211 Documents 211 Websites 211 Conventions 212 Index 214 vii

8 ARP configuration commands arp max-learning-num Parameter s Use the arp max-learning-num command to configure the maximum number of dynamic ARP entries that an interface can learn. Use the undo arp max-learning-num command to restore the default. By default, a Layer 2 interface does not limit the number of dynamic ARP entries. The maximum number of dynamic ARP entries that a Layer 3 interface can learn is When the number argument is set to 0, the interface is disabled from learning dynamic ARP entries. arp max-learning-num number undo arp max-learning-num Layer 2 Ethernet port view, Layer 3 Ethernet port view, VLAN interface view, Layer 2 aggregate interface view number: Specifies the maximum number of dynamic ARP entries that an interface can learn, ranging from 0 to # Specify VLAN-interface 40 to learn up to 500 dynamic ARP entries. [Sysname] interface vlan-interface 40 [Sysname-Vlan-interface40] arp max-learning-num 500 # Specify GigabitEthernet 1/0/1 to learn up to 1000 dynamic ARP entries. [Sysname] interface GigabitEthernet 1/0/1 [Sysname-GigabitEthernet1/0/1] arp max-learning-num 1000 # Specify Layer 2 aggregate interface bridge-aggregation 1 to learn up to 1000 dynamic ARP entries. [Sysname] interface bridge-aggregation 1 [Sysname-Bridge-Aggregation1] arp max-learning-num

9 arp static Use the arp static command to configure a static ARP entry in the ARP mapping table. Use the undo arp command to remove an ARP entry. A static ARP entry is effective when the device works normally. However, when the VLAN or VLAN interface to which an ARP entry corresponds is deleted, the entry, if long, will be deleted, and, if short and resolved, will become unresolved. The vlan-id argument specifies the VLAN corresponding to an ARP entry and must be the ID of an existing VLAN. In addition, the Ethernet interface following the argument must belong to that VLAN. The VLAN interface of the VLAN must have been created. If both the vlan-id and ip-address arguments are specified, the IP address of the VLAN interface corresponding to the vlan-id argument must be in the same network segment as the IP address specified by the ip-address argument. Related commands: reset arp and display arp. arp static ip-address mac-address [ vlan-id interface-type interface-number ] undo arp ip-address System view ip-address: Specifies the IP address in an ARP entry. mac-address: Specifies the MAC address in an ARP entry, in the format H-H-H. vlan-id: Specifies the ID of a VLAN to which a static ARP entry belongs, ranging from 1 to interface-type interface-number: Specifies the interface type and interface number. # Configure a static ARP entry, with IP address , MAC address 00e0-fc , and outbound interface GigabitEthernet 1/0/1 of VLAN 10. [Sysname] arp static e0-fc GigabitEthernet 1/0/1 arp timer aging Use the arp timer aging command to set the age timer for dynamic ARP entries. Use the undo arp timer aging command to restore the default. By default, the age timer for dynamic ARP entries is 20 minutes. 2

10 Related commands: display arp timer aging. arp timer aging aging-time undo arp timer aging Parameter System view aging-time: Specifies the age timer for dynamic ARP entries in minutes, ranging from 1 to # Set the age timer for dynamic ARP entries to 10 minutes. [Sysname] arp timer aging 10 display arp Use the display arp command to display ARP entries in the ARP mapping table. If no parameter is specified, all ARP entries are displayed. Related commands: arp static and reset arp. display arp [ [ all dynamic static ] [ slot slot-number ] vlan vlan-id interface interface-type interface-number ] [ count verbose ] [ { begin exclude include } regular-expression ] Any view 1: Monitor level all: Displays all ARP entries. dynamic: Displays dynamic ARP entries. static: Displays static ARP entries. slot slot-number: Displays the ARP entries on a specified IRF member switch. The slot-number argument specifies the ID of an IRF member switch. The value range for the argument depends on the number of member switches and their member IDs in the IRF fabric, which you can display with the display irf command. On a standalone device, the slot-number argument specifies the ID of the device. vlan vlan-id: Displays the ARP entries of the specified VLAN. The VLAN ID ranges from 1 to

11 s interface interface-type interface-number: Displays the ARP entries of the interface specified by the argument interface-type interface-number. count: Displays the number of ARP entries. verbose: Displays detailed information about ARP entries. : Filters command output by specifying a regular expression. For more information about regular expressions, see the Fundamentals Configuration Guide. begin: Displays the first line that matches the specified regular expression and all lines that follow. exclude: Displays all lines that do not match the specified regular expression.. include: Displays all lines that match the specified regular expression. regular-expression: Specifies a regular expression, a case-sensitive string of 1 to 256 characters. # Display the information of all ARP entries. <Sysname> display arp all Type: S-Static D-Dynamic IP Address MAC Address VLAN ID Interface Aging Type e0-fc N/A GE1/0/1 20 D f-9550 N/A GE1/0/1 5 D d-88f7-b090 N/A GE1/0/1 17 D e0-4c3d-35d7 N/A GE1/0/1 15 D Table 1 Command output Field IP Address MAC Address VLAN ID Interface Aging Type IP address in an ARP entry MAC address in an ARP entry ID of the VLAN to which the ARP entry belongs Outbound interface in an ARP entry Aging time for a dynamic ARP entry in minutes ("DIS" or N/A means unknown aging time or no aging time) ARP entry type: D for dynamic S for static # Display the number of all ARP entries. <Sysname> display arp all count Total Entry(ies): 4 display arp ip-address Use the display arp ip-address command to view the ARP entry for a specified IP address. Related commands: arp static and reset arp. 4

12 display arp ip-address [ slot slot-number ] [ verbose ] [ { begin exclude include } regular-expression ] Any view 1: Monitor level ip-address: Displays the ARP entry for the specified IP address. slot slot-number: Displays the ARP entries on a specified IRF member switch. The slot-number argument specifies the ID of an IRF member switch. The value range for the argument depends on the number of member switches and their member IDs in the IRF fabric, which you can display with the display irf command. On a standalone device, the slot-number argument specifies the ID of the device. verbose: Displays the detailed information about ARP entries. : Filters command output by specifying a regular expression. For more information about regular expressions, see the Fundamentals Configuration Guide. begin: Displays the first line that matches the specified regular expression and all lines that follow. exclude: Displays all lines that do not match the specified regular expression. include: Displays all lines that match the specified regular expression. regular-expression: Specifies a regular expression, a case-sensitive string of 1 to 256 characters. # Display the corresponding ARP entry for the IP address <Sysname> display arp Type: S-Static D-Dynamic IP Address MAC Address VLAN ID Interface Aging Type e0-fc N/A N/A N/A S display arp timer aging Use the display arp timer aging command to view the age timer for dynamic ARP entries. Related commands: arp timer aging. display arp timer aging [ { begin exclude include } regular-expression ] Any view 5

13 : Filters command output by specifying a regular expression. For more information about regular expressions, see the Fundamentals Configuration Guide. begin: Displays the first line that matches the specified regular expression and all lines that follow. exclude: Displays all lines that do not match the specified regular expression. include: Displays all lines that match the specified regular expression. regular-expression: Specifies a regular expression, a case-sensitive string of 1 to 256 characters. # Display the age timer for dynamic ARP entries. <Sysname> display arp timer aging Current ARP aging time is 10 minute(s) mac-address station-move Use the mac-address station-move quick-notify enable command to enable ARP quick update. Use the undo mac-address station-move quick-notify enable command to restore the default. By default, ARP quick update is disabled. mac-address station-move quick-notify enable undo mac-address station-move quick-notify enable System view None reset arp # Enable ARP quick update. [Sysname] mac-address station-move quick-notify enable Use the reset arp command to clear ARP entries from the ARP mapping table. Related commands: arp static and display arp. 6

14 reset arp { all dynamic static slot slot-number interface interface-type interface-number } User view all: Clears all ARP entries. dynamic: Clears all dynamic ARP entries. static: Clears all static ARP entries. slot slot-number: Clears the ARP entries on a specified IRF member switch. The slot-number argument specifies the ID of an IRF member switch. The value range for the argument depends on the number of member switches and their member IDs in the IRF fabric, which you can display with the display irf command. On a standalone device, the slot-number argument specifies the ID of the device. interface interface-type interface-number: Clears the ARP entries for the interface specified by the argument interface-type interface-number. # Clear all static ARP entries. <Sysname> reset arp static 7

15 Gratuitous ARP configuration commands arp send-gratuitous-arp Parameter Use the arp send-gratuitous-arp command to enable periodic sending of gratuitous ARP packets and set the sending interval for the interface. Use the undo arp send-gratuitous-arp command to disable the interface from periodically sending gratuitous ARP packets. By default, an interface is disabled from sending gratuitous ARP packets periodically. This function takes effect only when the link of the enabled interface goes up and an IP address has been assigned to the interface. The IP address contained in a gratuitous ARP request can be the VRRP virtual IP address, the primary IP address or a manually configured secondary IP address of the sending interface only. The primary IP address can be configured manually or automatically, whereas the secondary IP address must be configured manually. If you change the interval for sending gratuitous ARP packets, the configuration is effective at the next sending interval. The frequency of sending gratuitous ARP packets may be much lower than is expected if this function is enabled on multiple interfaces, or each interface is configured with multiple secondary IP addresses, or a small sending interval is configured in the preceding cases. arp send-gratuitous-arp [ interval milliseconds ] undo arp send-gratuitous-arp Layer 3 Ethernet port view, VLAN interface view interval milliseconds: Sets the interval at which gratuitous ARP packets are sent, ranging from 200 to 200,000 milliseconds. The default value is # Enable VLAN-interface 2 to send gratuitous ARP packets every 300 milliseconds. [Sysname] interface vlan-interface 2 [Sysname-Vlan-interface2] arp send-gratuitous-arp interval 300 8

16 gratuitous-arp-sending enable Use the gratuitous-arp-sending enable command to enable a device to send gratuitous ARP packets when receiving ARP requests from another network segment. Use the undo gratuitous-arp-sending enable command to restore the default. By default, a device cannot send gratuitous ARP packets when receiving ARP requests from another network segment. gratuitous-arp-sending enable undo gratuitous-arp-sending enable System view None # Disable a device from sending gratuitous ARP packets. [Sysname] undo gratuitous-arp-sending enable gratuitous-arp-learning enable Use the gratuitous-arp-learning enable command to enable the gratuitous ARP packet learning function. Use the undo gratuitous-arp-learning enable command to disable the function. By default, the function is enabled. With this function enabled, a device receiving a gratuitous ARP packet can add the source IP and MAC addresses to its own dynamic ARP table if it finds that no ARP entry exists in the cache corresponding to the source IP address of the ARP packet. If a matching ARP entry is found in the cache, the device updates the ARP entry regardless of whether this function is enabled. gratuitous-arp-learning enable undo gratuitous-arp-learning enable System view 9

17 None # Enable the gratuitous ARP packet learning function. [Sysname] gratuitous-arp-learning enable 10

18 Proxy ARP configuration commands display local-proxy-arp Use the display local-proxy-arp command to view the status of the local proxy ARP. If no interface is specified, the local proxy ARP status of all interfaces is displayed. Related commands: local-proxy-arp enable. display local-proxy-arp [ interface interface-type interface-number ] [ { begin exclude include } regular-expression ] Any view interface interface-type interface-number: Displays the local proxy ARP status of the interface specified by the argument interface-type interface-number. : Filters command output by specifying a regular expression. For more information about regular expressions, see the Fundamentals Configuration Guide. begin: Displays the first line that matches the specified regular expression and all lines that follow. exclude: Displays all lines that do not match the specified regular expression. include: Displays all lines that match the specified regular expression. regular-expression: Specifies a regular expression, a case-sensitive string of 1 to 256 characters. # Display the status of the local proxy ARP on VLAN-interface 2. <Sysname> display local-proxy-arp interface vlan-interface 2 Interface Vlan-interface2 Local Proxy ARP status: enabled display proxy-arp Use the display proxy-arp command to view the proxy ARP status. If an interface is specified, the proxy ARP status of the specified interface is displayed. If no interface is specified, the proxy ARP status of all interfaces is displayed. Related commands: proxy-arp enable. 11

19 display proxy-arp [ interface interface-type interface-number ] [ { begin exclude include } regularexpression ] Any view interface interface-type interface-number: Displays the proxy ARP status of the interface specified by the argument interface-type interface-number. : Filters command output by specifying a regular expression. For more information about regular expressions, see the Fundamentals Configuration Guide. begin: Displays the first line that matches the specified regular expression and all lines that follow. exclude: Displays all lines that do not match the specified regular expression. include: Displays all lines that match the specified regular expression. regular-expression: Specifies a regular expression, a case-sensitive string of 1 to 256 characters. # Display the proxy ARP status on VLAN-interface 1. <Sysname> display proxy-arp interface Vlan-interface 1 Interface Vlan-interface 1 Proxy ARP status: disabled local-proxy-arp enable Use the local-proxy-arp enable command to enable local proxy ARP. Use the undo local-proxy-arp enable command to disable local proxy ARP. By default, local proxy ARP is disabled. Only one IP address range can be specified by using the ip-range keyword on an interface. Related commands: display local-proxy-arp. local-proxy-arp enable [ ip-range startip to endip ] undo local-proxy-arp enable VLAN interface view, Layer 3 Ethernet port view 12

20 Parameter s ip-range startip to endip: Specifies the IP address range for which local proxy ARP is enabled. The start IP address must be lower than or equal to the end IP address. # Enable local proxy ARP on VLAN-interface 2. [Sysname] interface vlan-interface 2 [Sysname-Vlan-interface2] local-proxy-arp enable # Enable local proxy ARP on VLAN-interface 2 for a specific IP address range. [Sysname] interface vlan-interface 2 [Sysname-Vlan-interface2] local-proxy-arp enable ip-range to proxy-arp enable Use the proxy-arp enable command to enable proxy ARP. Use the undo proxy-arp enable command to disable proxy ARP. By default, proxy ARP is disabled. Related commands: display proxy-arp. proxy-arp enable undo proxy-arp enable VLAN interface view, Layer 3 Ethernet port view None # Enable proxy ARP on VLAN-interface 2. [Sysname] interface vlan-interface 2 [Sysname-Vlan-interface2] proxy-arp enable 13

21 IP addressing configuration commands display ip interface Use the display ip interface command to display IP configuration information for a specified Layer 3 interface or all Layer 3 interfaces. display ip interface [ interface-type interface-number ] [ { begin exclude include } regular-expression ] Any view 1: Monitor level interface-type interface-number: Specifies an interface by its type and number. : Filters command output by specifying a regular expression. For more information about regular expressions, see the Fundamentals Configuration Guide. begin: Displays the first line that matches the specified regular expression and all lines that follow. exclude: Displays all lines that do not match the specified regular expression. include: Displays all lines that match the specified regular expression. regular-expression: Specifies a regular expression, a case-sensitive string of 1 to 256 characters. # Display IP configuration information for interface VLAN-interface 1. <Sysname> display ip interface vlan-interface 1 Vlan-interface1 current state :DOWN Line protocol current state :DOWN Internet Address is /8 Primary Broadcast address : The Maximum Transmit Unit : 1500 bytes input packets : 0, bytes : 0, multicasts : 0 output packets : 0, bytes : 0, multicasts : 0 ARP packet input number: 0 Request packet: 0 Reply packet: 0 Unknown packet: 0 TTL invalid packet number: 0 ICMP packet input number: 0 14

22 Echo reply: 0 Unreachable: 0 Source quench: 0 Routing redirect: 0 Echo request: 0 Router advert: 0 Router solicit: 0 Time exceed: 0 IP header bad: 0 Timestamp request: 0 Timestamp reply: 0 Information request: 0 Information reply: 0 Netmask request: 0 Netmask reply: 0 Unknown type: 0 Table 2 Command output Field current state Line protocol current state Internet Address Broadcast address The Maximum Transmit Unit input packets, bytes, multicasts output packets, bytes, multicasts Current physical state of the interface: Administrative DOWN Interface is shut down with the shutdown command DOWN Indicates that the interface is up administratively, but its physical state is down, which may be caused by a connection or link failure UP Indicates that both the administrative and physical states of the interface are up Current state of the link layer protocol, which can be: DOWN Indicates that the protocol state of the interface is down UP Indicates that the protocol state of the interface is up UP (spoofing) Indicates that the protocol state of the interface pretends to be up; however, no corresponding link is present, or the corresponding link is not present permanently, but is established as needed IP address of an interface: Primary Identifies a primary IP address Sub Identifies a secondary IP address acquired via DHCP Identifies an IP address obtained through DHCP acquired via BOOTP Identifies an IP address obtained through BOOTP Mad Identifies a MAD IP address Broadcast address of the subnet attached to an interface Maximum transmission units on the interface, in bytes Unicast packets, bytes, and multicast packets received on an interface (the statistics start at the device startup) 15

23 Field ARP packet input number: Request packet: Reply packet: Unknown packet: TTL invalid packet number ICMP packet input number: Echo reply: Unreachable: Source quench: Routing redirect: Echo request: Router advert: Router solicit: Time exceed: IP header bad: Timestamp request: Timestamp reply: Information request: Information reply: Netmask request: Netmask reply: Unknown type: Total number of ARP packets received on the interface (the statistics start at the device startup), including: ARP request packets ARP reply packets Unknown packets Number of TTL-invalid packets received on the interface (the statistics start at the device startup) Total number of ICMP packets received on the interface (the statistics start at the device startup), including: Echo reply packets Unreachable packets Source quench packets Routing redirect packets Echo request packets Router advertisement packets Router solicitation packets Time exceeded packets IP header bad packets Timestamp request packets Timestamp reply packets Information request packets Information reply packets Netmask request packets Netmask reply packets Unknown type packets display ip interface brief Use the display ip interface brief command to display brief IP configuration information for a specified Layer 3 interface or all Layer 3 interfaces. Without the interface type and interface number specified, the brief IP configuration information for all Layer 3 interfaces is displayed. With only the interface type specified, the brief IP configuration information for all Layer 3 interfaces of the specified type is displayed. With both the interface type and interface number specified, only the brief IP configuration information for the specified interface is displayed. Related commands: display ip interface. display ip interface [ interface-type [ interface-number ] ] brief [ { begin exclude include } regularexpression ] 16

24 Any view 1: Monitor level interface-type: Specifies an interface by its type. interface-number: Specifies an interface by its number. : Filters command output by specifying a regular expression. For more information about regular expressions, see the Fundamentals Configuration Guide. begin: Displays the first line that matches the specified regular expression and all lines that follow. exclude: Displays all lines that do not match the specified regular expression. include: Displays all lines that match the specified regular expression. regular-expression: Specifies a regular expression, a case-sensitive string of 1 to 256 characters. # Display brief IP configuration information for VLAN interfaces. <Sysname> display ip interface vlan-interface brief *down: administratively down (s): spoofing Interface Physical Protocol IP Address Vlan1 up up Vlan-inte... Vlan2 up up Vlan-inte... Table 3 Command output Field *down: administratively down (s) : spoofing Interface Physical Protocol Interface is shut down administratively with the shutdown command Spoofing attribute of the interface, which indicates that an interface may have no link present even when its link layer protocol is displayed up or the link is set up only on demand Interface name Physical state of the interface: *down Indicates that the interface is down administratively; that is, the interface is shut down with the shutdown command down Indicates that the interface is up administratively, but its physical state is down up Indicates that both the administrative and physical states of the interface are up Link layer protocol state of the interface, which can be: down Indicates that the protocol state of the interface is down up Indicates that the protocol state of the interface is up up(s) Indicates that the protocol state of the interface is up (spoofing) 17

25 Field IP Address IP address of the interface (If no IP address is configured, unassigned is displayed) Interface description information, for which up to 12 characters can be displayed If there are more than 12 characters, only the first nine characters are displayed ip address Use the ip address command to assign an IP address and mask to the interface. Use the undo ip address command to remove all IP addresses from the interface. Use the undo ip address ip-address { mask mask-length } command to remove the primary IP address. Use the undo ip address ip-address { mask mask-length } sub command to remove a secondary IP address. By default, no IP address is assigned to any interface. When assigning IP addresses to an interface, consider the following: You can assign only one primary IP address to an interface. The primary and secondary IP addresses can be located in the same network segment. Before removing the primary IP address, remove all secondary IP addresses. You cannot assign a secondary IP address to the interface that is configured to obtain one through BOOTP or DHCP. Related commands: display ip interface. ip address ip-address { mask-length mask } [ sub ] undo ip address [ ip-address { mask-length mask } [ sub ] ] Interface view ip-address: Specifies the IP address of an interface, in dotted decimal notation. mask-length: Specifies the subnet mask length, the number of consecutive ones in the mask. mask: Specifies the subnet mask in dotted decimal notation. sub: Specifies the secondary IP address for the interface. 18

26 s # Assign VLAN-interface 1 a primary IP address and a secondary IP address , with subnet masks being [Sysname] interface vlan-interface 1 [Sysname-Vlan-interface1] ip address [Sysname-Vlan-interface1] ip address sub # Assign Layer 3 Ethernet port GigabitEthernet 1/0/5 a primary IP address and a secondary IP address , with subnet masks being [Sysname]interface GigabitEthernet 1/0/5 [Sysname GigabitEthernet1/0/5] port link-mode route [Sysname GigabitEthernet1/0/5] ip address [Sysname GigabitEthernet1/0/5]ip address sub 19

27 DHCP server configuration commands bims-server Use the bims-server command to specify the IP address, port number, and shared key of the BIMS server in the DHCP address pool for the client. Use the undo bims-server command to remove the specified BIMS server information. By default, no BIMS server information is specified. If you execute the bims-server command repeatedly, the latest configuration overwrites the previous one. Related commands: dhcp server ip-pool and display dhcp server tree. bims-server ip ip-address [ port port-number ] sharekey key undo bims-server DHCP address pool view ip ip-address: Specifies an IP address for the BIMS server. port port-number: Specifies a port number for the BIMS server, ranging from 1 to 65,534. sharekey key: Specifies a shared key for the BIMS server, which is a string of 1 to 16 characters. # Specify the IP address , port number 80, shared key aabbcc of the BIMS server in DHCP address pool 0 for the client. [Sysname] dhcp server ip-pool 0 [Sysname-dhcp-pool-0] bims-server ip port 80 sharekey aabbcc bootfile-name Use the bootfile-name command to specify a bootfile name in the DHCP address pool for the client. Use the undo bootfile-name command to remove the specified bootfile name. By default, no bootfile name is specified. 20

28 If you execute the bootfile-name command repeatedly, the latest configuration overwrites the previous one. Related commands: dhcp server ip-pool and display dhcp server tree. bootfile-name bootfile-name undo bootfile-name DHCP address pool view Parameter bootfile-name: Specifies the boot file name, a string of 1 to 63 characters. # Specify the bootfile name aaa.cfg in DHCP address pool 0. [Sysname] dhcp server ip-pool 0 [Sysname-dhcp-pool-0] bootfile-name aaa.cfg dhcp enable Use the dhcp enable command to enable DHCP. Use the undo dhcp enable command to disable DHCP. By default, DHCP is disabled. NOTE: You need to enable DHCP before performing DHCP server and relay agent configurations. dhcp enable undo dhcp enable System view None 21

29 # Enable DHCP. [Sysname] dhcp enable dhcp server apply ip-pool Parameter Use the dhcp server apply ip-pool command to apply an extended address pool on an interface. Use the undo dhcp server apply ip-pool command to remove the configuration. By default, no extended address pool is applied on an interface, and the server assigns an IP address from a common address pool to a client when the client's request arrives at the interface. If you execute the dhcp server apply ip-pool command on an interface, when a client's request arrives at the interface, the server attempts to assign the client the statically bound IP address first and then an IP address from this extended address pool. Only an extended address pool can be applied on an interface. The address pool to be referenced must already exist. Related commands: dhcp server ip-pool. dhcp server apply ip-pool pool-name undo dhcp server apply ip-pool [ pool-name ] Interface view pool-name: Specifies the DHCP address pool name, a case-insensitive string ranging from 1 to 35 characters. # Apply extended DHCP address pool 0 on VLAN-interface 1. [Sysname] interface vlan-interface 1 [Sysname-Vlan-interface1] dhcp server apply ip-pool 0 dhcp select server global-pool Use the dhcp select server global-pool command to enable the DHCP server on specified interfaces. After the interface receives a DHCP request from a client, the DHCP server will allocate an IP address from the address pool. 22

30 Use the undo dhcp select server global-pool command to remove the configuration. Upon receiving a DHCP request from a client, the interface will neither assign an IP address to the client, nor serve as a DHCP relay agent to forward the request. Use the undo dhcp select server global-pool subaddress command to disable the support for secondary address allocation. By default, the DHCP server is enabled on an interface. dhcp select server global-pool [ subaddress ] undo dhcp select server global-pool [ subaddress ] Parameter Interface view subaddress: Supports secondary address allocation. When the DHCP server and client are on the same network segment, the server preferably assigns an IP address from an address pool that resides on the same subnet as the primary IP address of the server interface (connecting to the client). If the address pool contains no assignable IP address, the server assigns an IP address from an address pool that resides on the same subnet as the secondary IP addresses of the server interface. If the interface has multiple secondary IP addresses, each address pool is tried in turn for address allocation. Without the keyword subaddress specified, the DHCP server can only assign an IP address from the address pool that resides on the same subnet as the primary IP address of the server interface. # Enable the DHCP server on VLAN-interface 1 to assign IP addresses from the address pool that resides on the same subnet as the primary IP address of the server interface (connecting to the client) for the client. [Sysname] interface vlan-interface 1 [Sysname-Vlan-interface1] dhcp select server global-pool dhcp server detect Use the dhcp server detect command to enable unauthorized DHCP server detection. Use the undo dhcp server detect command to disable the function. By default, the function is disabled. With this function enabled, upon receiving a DHCP request, the DHCP server resolves from the request the IP addresses of DHCP servers which ever offered IP addresses to the DHCP client and the receiving interface. Each server detected is recorded only once. The administrator can use this information to check for unauthorized DHCP servers. 23

31 dhcp server detect undo dhcp server detect System view None # Enable unauthorized DHCP server detection. [Sysname] dhcp server detect dhcp server forbidden-ip Use the dhcp server forbidden-ip command to exclude IP addresses from dynamic allocation. Use the undo dhcp server forbidden-ip command to remove the configuration. By default, all IP addresses in a DHCP address pool are assignable except IP addresses of the DHCP server interfaces. When you use the dhcp server forbidden-ip command to exclude an IP address that is bound to a user from dynamic assignment, the address can be still assigned to the user. When you use the undo dhcp server forbidden-ip command to remove the configuration, the specified address/address range must be consistent with the one specified with the dhcp server forbidden-ip command. If you have configured to exclude an address range from dynamic assignment, you need to specify the same address range in the undo dhcp server forbidden-ip command instead of specifying one IP address. Using the dhcp server forbidden-ip command repeatedly can exclude multiple IP address ranges from allocation. Related commands: display dhcp server forbidden-ip, dhcp server ip-pool, network, and static-bind ipaddress. dhcp server forbidden-ip low-ip-address [ high-ip-address ] undo dhcp server forbidden-ip low-ip-address [ high-ip-address ] System view 24

32 low-ip-address: Specifies the start IP address of the IP address range to be excluded from dynamic allocation. high-ip-address: Specifies the end IP address of the IP address range to be excluded from dynamic allocation. The end IP address must have a higher sequence than the start one. # Exclude the IP address range to from dynamic allocation. [Sysname] dhcp server forbidden-ip dhcp server ip-pool Use the dhcp server ip-pool command to create a DHCP address pool and enter its view. If the pool was created, you will directly enter its view. Use the undo dhcp server ip-pool command to remove the specified DHCP address pool. By default, no DHCP address pool is created. Related commands: dhcp enable and display dhcp server tree. dhcp server ip-pool pool-name [ extended ] undo dhcp server ip-pool pool-name System view pool-name: Specifies the global address pool name, which is a unique pool identifier, a string of 1 to 35 characters. extended: Specifies the address pool as an extended address pool. If this keyword is not specified, the address pool is a common address pool. # Create the common address pool identified by 0. [Sysname] dhcp server ip-pool 0 [Sysname-dhcp-pool-0] 25

33 dhcp server ping packets Parameter Use the dhcp server ping packets command to specify the maximum number of ping packets on the DHCP server. Use the undo dhcp server ping packets command to restore the default. The number defaults to 1. To avoid IP address conflicts, the DHCP server checks whether an IP address is in use before assigning it to a DHCP client. The DHCP server pings the IP address to be assigned by using ICMP. If the server gets a response within the specified period, the server selects and pings another IP address. If not, the server pings the IP address again until the specified number of ping attempts is reached. If still no response is received, the server assigns the IP address to the requesting client. dhcp server ping packets number undo dhcp server ping packets System view number: Specifies the number of ping packets, ranging from 0 to means no ping operation. # Specify the maximum number of ping packets as 10. [Sysname] dhcp server ping packets 10 dhcp server ping timeout Use the dhcp server ping timeout command to configure the ping response timeout time on the DHCP server. Use the undo dhcp server ping timeout command to restore the default. The time defaults to 500 ms. To avoid IP address conflicts, the DHCP server checks whether an IP address is in use before assigning it to a DHCP client. The DHCP server pings the IP address to be assigned by using ICMP. If the server gets a response within the specified interval, the server selects and pings another IP address. If not, the server pings the IP address again until the specified number of ping attempts is reached. If still no response is received, the server assigns the IP address to the requesting client. 26

34 dhcp server ping timeout milliseconds undo dhcp server ping timeout Parameter System view milliseconds: Specifies the response timeout value for ping packets in milliseconds, ranging from 0 to 10, means no ping operation. # Specify the response timeout time as 1000 ms. [Sysname] dhcp server ping timeout 1000 dhcp server relay information enable Use the dhcp server relay information enable command to enable the DHCP server to handle Option 82. Use the undo dhcp server relay information enable command to configure the DHCP server to ignore Option 82. By default, the DHCP server handles Option 82. dhcp server relay information enable undo dhcp server relay information enable System view None # Configure the DHCP server to ignore Option 82. [Sysname] undo dhcp server relay information enable 27

35 dhcp server threshold s Use the dhcp server threshold command to enable the DHCP server to send trap messages to the network management server when the specified threshold is reached. Use the undo dhcp server threshold command to restore the default. By default, the DHCP server does not send trap messages to the network management server. dhcp server threshold { allocated-ip threshold-value average-ip-use threshold-value max-ip-use threshold-value } undo dhcp server threshold { allocated-ip average-ip-use max-ip-use } System view allocated-ip threshold-value: Enables the DHCP server to send trap messages to the network management server when the ratio of successfully allocated IP addresses to received DHCP requests within five minutes reaches the threshold specified by the threshold-value argument. The threshold is a percentage value ranging from 1 to 100. average-ip-use threshold-value: Enables the DHCP server to send trap messages to the network management server when the average IP address utilization of an address pool within five minutes reaches the threshold specified by the threshold-value argument. The threshold is a percentage value ranging from 1 to 100. max-ip-use threshold-value: Enables the DHCP server to send trap messages to the network management server when the maximum IP address utilization of an address pool within five minutes reaches the threshold specified by the threshold-value argument. The threshold is a percentage value ranging from 1 to 100. # Enable the DHCP server to send trap messages to the network management server when the ratio of successfully allocated IP addresses to received DHCP requests within five minutes exceeds 50%. [Sysname] dhcp server threshold allocated-ip 50 # Enable the DHCP server to send trap messages to the network management server when the average IP address utilization of an address pool within five minutes exceeds 80%. [Sysname] dhcp server threshold average-ip-use 80 # Enable the DHCP server to send trap messages to the network management server when the maximum IP address utilization of an address pool within five minutes exceeds 80%. [Sysname] dhcp server threshold max-ip-use 80 28

36 display dhcp server conflict Use the display dhcp server conflict command to display information about IP address conflicts. Related commands: reset dhcp server conflict. display dhcp server conflict { all ip ip-address } [ { begin exclude include } regular-expression ] Any view 1: Monitor level all: Displays information about all IP address conflicts. ip-address: Displays conflict information for a specified IP address. : Filters command output by specifying a regular expression. For more information about regular expressions, see Fundamentals Configuration Guide. begin: Displays the first line that matches the specified regular expression and all lines that follow. exclude: Displays all lines that do not match the specified regular expression. include: Displays all lines that match the specified regular expression. regular-expression: Specifies a regular expression, a case-sensitive string of 1 to 256 characters. # Display information about all IP address conflicts. <Sysname> display dhcp server conflict all Address Discover time Apr :57: Apr :00: total 2 entry --- Table 4 Command output Field Address Discover Time Conflicted IP address Time when the conflict was discovered display dhcp server expired Use the display dhcp server expired command to view lease expiration information of specified DHCP address pools or an IP address. DHCP will assign these expired IP addresses to DHCP clients after all addresses have been assigned. 29

37 display dhcp server expired { all ip ip-address pool [ pool-name ] } [ { begin exclude include } regular-expression ] Any view 1: Monitor level all: Displays the lease expiration information of all DHCP address pools. ip ip-address: Displays the lease expiration information of a specified IP address. pool [ pool-name ]: Displays the lease expiration information of a specified address pool. The pool name is a string of 1 to 35 characters. If the pool name is not specified, the lease expiration information of all address pools is displayed. : Filters command output by specifying a regular expression. For more information about regular expressions, see Fundamentals Configuration Guide. begin: Displays the first line that matches the specified regular expression and all lines that follow. exclude: Displays all lines that do not match the specified regular expression. include: Displays all lines that match the specified regular expression. regular-expression: Specifies a regular expression, a case-sensitive string of 1 to 256 characters. # Display information about lease expirations in all DHCP address pools. <Sysname> display dhcp server expired all IP address Client-identifier/ Lease expiration Type Hardware address e Apr :10:47 Release 302e d e f total 1 entry --- Table 5 Command output Field IP address Client-identifier/Hardware address Lease expiration Type Expired IP addresses IDs or MACs of clients whose IP addresses were expired The lease expiration time Types of lease expirations This field is set to Release 30

38 display dhcp server free-ip Use the display dhcp server free-ip command to display information about assignable IP addresses which have never been assigned. display dhcp server free-ip [ { begin exclude include } regular-expression ] Any view 1: Monitor level : Filters command output by specifying a regular expression. For more information about regular expressions, see Fundamentals Configuration Guide. begin: Displays the first line that matches the specified regular expression and all lines that follow. exclude: Displays all lines that do not match the specified regular expression. include: Displays all lines that match the specified regular expression. regular-expression: Specifies a regular expression, a case-sensitive string of 1 to 256 characters. # Display information about assignable IP addresses. <Sysname> display dhcp server free-ip IP Range from to display dhcp server forbidden-ip Use the display dhcp server forbidden-ip command to display IP addresses excluded from dynamic allocation in DHCP address pool. display dhcp server forbidden-ip [ { begin exclude include } regular-expression ] Any view 1: Monitor level : Filters command output by specifying a regular expression. For more information about regular expressions, see Fundamentals Configuration Guide. begin: Displays the first line that matches the specified regular expression and all lines that follow. 31

39 exclude: Displays all lines that do not match the specified regular expression. include: Displays all lines that match the specified regular expression. regular-expression: Specifies a regular expression, a case-sensitive string of 1 to 256 characters. # Display IP addresses excluded from dynamic allocation in the DHCP address pool. <Sysname> display dhcp server forbidden-ip Global: IP Range from to IP Range from to Pool name: Table 6 Command output Field Global Pool name Globally excluded IP addresses specified with the dhcp server forbidden-ip command in system view. No address pool can assign these IP addresses. Excluded IP addresses specified with the forbidden-ip command in DHCP address pool view. They cannot be assigned from the current extended address pool only. display dhcp server ip-in-use Use the display dhcp server ip-in-use command to view binding information of DHCP address pools or an IP address. Related commands: reset dhcp server ip-in-use. display dhcp server ip-in-use { all ip ip-address pool [ pool-name ] } [ { begin exclude include } regular-expression ] Any view 1: Monitor level all: Displays the binding information of all DHCP address pools. ip ip-address: Displays the binding information of a specified IP address. pool [ pool-name ]: Displays the binding information of a specified address pool. The pool name is a string of 1 to 35 characters. If no pool name is specified, the binding information of all address pools is displayed. 32

40 : Filters command output by specifying a regular expression. For more information about regular expressions, see Fundamentals Configuration Guide. begin: Displays the first line that matches the specified regular expression and all lines that follow. exclude: Displays all lines that do not match the specified regular expression. include: Displays all lines that match the specified regular expression. regular-expression: Specifies a regular expression, a case-sensitive string of 1 to 256 characters. # Display the binding information of all DHCP address pools. <Sysname> display dhcp server ip-in-use all Pool utilization: 0.39% IP address Client-identifier/ Lease expiration Type Hardware address NOT Used Manual e May :02:49 Auto:COMMITTED 662e d e f total 2 entry --- Table 7 Command output Field Pool utilization IP address Client-identifier/Hardware address Lease expiration Utilization rate of IP addresses in a DHCP address pool, which is the ratio of assigned IP addresses to assignable IP addresses in the DHCP address pool. When the binding information of all DHCP address pools is displayed, this field displays the total utilization rate of IP addresses in all DHCP address pools. When the binding information of a specific DHCP address pool is displayed, this field displays the utilization rate of IP addresses in the DHCP address pool. When the binding information of a specific IP address is displayed, this field is not displayed. Bound IP address. Client s ID or MAC of the binding. Lease expiration time: Specific time (May :02:49 in this example) Time when the lease expires. NOT Used IP address of the static binding has not been assigned to the specific client. Unlimited Infinite lease expiration time. 33

41 Field Binding types: Manual Static binding. Type Auto:OFFERED Binding sent in the DHCP-OFFER message from the server to the client. Auto:COMMITTED Binding sent in the DHCP-ACK message from the server to the client. display dhcp server statistics Use the display dhcp server statistics command to view statistics of the DHCP server. Related commands: reset dhcp server statistics. display dhcp server statistics [ { begin exclude include } regular-expression ] Any view 1: Monitor level : Filters command output by specifying a regular expression. For more information about regular expressions, see Fundamentals Configuration Guide. begin: Displays the first line that matches the specified regular expression and all lines that follow. exclude: Displays all lines that do not match the specified regular expression. include: Displays all lines that match the specified regular expression. regular-expression: Specifies a regular expression, a case-sensitive string of 1 to 256 characters. # Display the statistics on the DHCP server. <Sysname> display dhcp server statistics Global Pool: Pool Number: 1 Binding: Auto: 1 Manual: 0 Expire: 0 BOOTP Request: 10 DHCPDISCOVER: 5 DHCPREQUEST: 3 DHCPDECLINE: 0 DHCPRELEASE: 2 34

42 DHCPINFORM: 0 BOOTPREQUEST: 0 BOOTP Reply: 6 DHCPOFFER: 3 DHCPACK: 3 DHCPNAK: 0 BOOTPREPLY: 0 Bad Messages: 0 Table 8 Command output Field Global Pool Pool Number Auto Manual Expire BOOTP Request BOOTP Reply Bad Messages Statistics of a DHCP address pool Number of address pools Number of dynamic bindings Number of static bindings Number of expired bindings Number of DHCP requests sent from DHCP clients to the DHCP server The requests include: DHCPDISCOVER DHCPREQUEST DHCPDECLINE DHCPRELEASE DHCPINFORM BOOTPREQUEST Number of DHCP replies sent from the DHCP server to DHCP clients The replies include: DHCPOFFER DHCPACK DHCPNAK BOOTPREPLY Number of Erroneous messages display dhcp server tree Use the display dhcp server tree command to display information of DHCP address pools. display dhcp server tree { all pool [ pool-name ] } [ { begin exclude include } regular-expression ] Any view 35

43 1: Monitor level all: Displays information of all DHCP address pools. pool [ pool-name ]: Displays information of a specified address pool. The pool name argument is a string of 1 to 35 characters. If no pool name is specified, information of all address pools will be displayed. : Filters command output by specifying a regular expression. For more information about regular expressions, see Fundamentals Configuration Guide. begin: Displays the first line that matches the specified regular expression and all lines that follow. exclude: Displays all lines that do not match the specified regular expression. include: Displays all lines that match the specified regular expression. regular-expression: Specifies a regular expression, a case-sensitive string of 1 to 256 characters. # Display information of all DHCP address pools. <Sysname> display dhcp server tree all Global pool: Pool name: 0 network mask Sibling node:1 option 2 ip-address expired Pool name: 1 static-bind ip-address mask static-bind mac-address 00e0-00fc-0001 PrevSibling node:0 expired unlimited Extended pool: Pool name: 2 network ip range network mask expired Table 9 Command output Field Global pool Pool name network Information of a common address pool Address pool name Subnet for address allocation 36

44 Field static-bind ip-address mask static-bind mac-address 00e0-00fc-0001 Sibling node option expired Extended pool network ip range network mask IP address and MAC address of the static binding Sibling node of the current node. Nodes of this kind in the output information can be: Child node C node (subnet segment) address pool of the current node Parent node Parent node (nature network segment) address pool of the current node Sibling node Latter sibling node of the current node (another subnet of the same nature network); the earlier the sibling node is configured, the higher order the sibling node has PrevSibling node Previous sibling node of the current node Self-defined DHCP options Lease duration, in the format of day, hour, minute, and second Information of an extended address pool Range of assignable IP addresses in the extended address pool Mask of IP addresses assigned from the extended address pool dns-list Use the dns-list command to specify DNS server addresses in a DHCP address pool. Use the undo dns-list command to remove DNS server addresses from a DHCP address pool. By default, no DNS server address is specified. If you perform the dns-list command repeatedly, the latest configuration overwrites the previous one. Related commands: dhcp server ip-pool and display dhcp server tree. dns-list ip-address&<1-8> undo dns-list { ip-address all } DHCP address pool view ip-address&<1-8>: Specifies the DNS server IP address. &<1-8> means you can specify up to eight DNS server addresses separated by spaces. 37

45 all: Specifies all DNS server addresses to be removed. # Specify the DNS server address for the DHCP client in DHCP address pool 0. [Sysname] dhcp server ip-pool 0 [Sysname-dhcp-pool-0] dns-list domain-name Parameter expired Use the domain-name command to specify a domain name suffix for the DHCP clients in the DHCP address pool. Use the undo domain-name command to remove the specified domain name suffix. No domain name suffix is specified by default. Related commands: dhcp server ip-pool and display dhcp server tree. domain-name domain-name undo domain-name DHCP address pool view domain-name: Specifies the domain name suffix for DHCP clients, a string of 1 to 50 characters. # Specify a domain name suffix of mydomain.com for the DHCP clients in DHCP address pool 0. [Sysname] dhcp server ip-pool 0 [Sysname-dhcp-pool-0] domain-name mydomain.com Use the expired command to specify the lease duration in a DHCP address pool. Use the undo expired command to restore the default lease duration in a DHCP address pool. By default, the lease duration of a static address pool is unlimited, and the lease duration of a dynamic address pool is one day. NOTE: The lease duration cannot be less than 5 seconds. 38

46 Related commands: dhcp server ip-pool and display dhcp server tree. expired { day day [ hour hour [ minute minute [ second second ] ] ] unlimited } undo expired DHCP address pool view day day: Specifies the number of days, ranging from 0 to 365. hour hour: Specifies the number of hours, ranging from 0 to 23. minute minute: Specifies the number of minutes, ranging from 0 to 59. second second: Specifies the number of seconds, ranging from 0 to 59. unlimited: Specifies the unlimited lease duration, which is actually 136 years. # Specify the lease duration as one day, two hours, three minutes, and four seconds in DHCP address pool 0. [Sysname] dhcp server ip-pool 0 [Sysname-dhcp-pool-0] expired day 1 hour 2 minute 3 second 4 forbidden-ip Use the forbidden-ip command to exclude IP addresses from dynamic allocation in an extended address pool. Use the undo forbidden-ip command to cancel specified or all excluded IP addresses. By default, all IP addresses in an extended address pool are assignable except the IP addresses of the DHCP server interfaces. Only the extended address pools support this command. IP addresses specified with the forbidden-ip command in DHCP address pool view are excluded from dynamic address allocation in the current extended address pool only. They are assignable in other address pools. Repeatedly using the forbidden-ip command can exclude multiple IP address ranges from dynamic allocation. Related commands: dhcp server ip-pool and display dhcp server forbidden-ip. forbidden-ip ip-address&<1-8> 39

47 undo forbidden-ip { ip-address&<1-8> all } DHCP extended address pool view ip-address&<1-8>: Specifies the IP addresses to be excluded from dynamic allocation. &<1-8> indicates that you can specify up to eight IP addresses, separated with spaces. all: Excludes all IP addresses from dynamic allocation. # Exclude IP addresses and from dynamic allocation for extended address pool 0. [Sysname] dhcp server ip-pool 0 extended [Sysname-dhcp-pool-0] forbidden-ip gateway-list Use the gateway-list command to specify gateway addresses in a DHCP address pool. Use the undo gateway-list command to remove specified gateway addresses specified for the DHCP client from a DHCP address pool. By default, no gateway address is specified. If you use the gateway-list command repeatedly, the latest configuration overwrites the previous one. Related commands: dhcp server ip-pool and display dhcp server tree. gateway-list ip-address&<1-8> undo gateway-list { ip-address all } DHCP address pool view ip-address&<1-8>: Specifies the gateway IP address. &<1-8> means you can specify up to eight gateway addresses separated by spaces. all: Specifies all gateway IP addresses to be removed. # Specify the gateway address in DHCP address pool 0. 40

48 nbns-list [Sysname] dhcp server ip-pool 0 [Sysname-dhcp-pool-0] gateway-list Use the nbns-list command to specify WINS server addresses in a DHCP address pool. Use the undo nbns-list command to remove the specified WINS server addresses. By default, no WINS server address is specified. If you use the nbns-list command repeatedly, the latest configuration overwrites the previous one. Related commands: dhcp server ip-pool, netbios-type, and display dhcp server tree. nbns-list ip-address&<1-8> undo nbns-list { ip-address all } DHCP address pool view ip-address&<1-8>: Specifies the WINS server IP address. &<1-8> means you can specify up to eight WINS server addresses separated by spaces. all: Specifies all WINS server addresses to be removed. # Specify WINS server address in DHCP address pool 0. [Sysname] dhcp server ip-pool 0 [Sysname-dhcp-pool-0] nbns-list netbios-type Use the netbios-type command to specify the client NetBIOS node type in a DHCP address pool. Use the undo netbios-type command to remove the specified client NetBIOS node type. By default, no NetBIOS node type is specified. Related commands: dhcp server ip-pool, nbns-list, and display dhcp server tree. netbios-type { b-node h-node m-node p-node } undo netbios-type 41

49 network DHCP address pool view b-node: Specifies the broadcast node. A b-node client sends the destination name in a broadcast message. The destination returns the name-to-ip mapping to the client after receiving the message. p-node: Specifies the peer-to-peer node. A p-node client sends the destination name in a unicast message to the WINS server, and the WINS server returns the mapping to the client. m-node: Specifies the mixed node, a combination of a b-node first and p-node second. An m-node client broadcasts the destination name, if there is no response, and then unicasts the destination name to the WINS server to get the mapping. h-node: Specifies the hybrid node, a combination of a p-node first and b-node second. An h-node is a b- node with the peer-to-peer communication mechanism. An h-node client unicasts the destination name to the WINS server, if there is no response, and then broadcasts it to get the mapping from the destination. # Specify the NetBIOS node type as b-node in DHCP address pool 0. [Sysname] dhcp server ip-pool 0 [Sysname-dhcp-pool-0] netbios-type b-node Use the network command to specify the subnet for dynamic allocation in a DHCP address pool. Use the undo network command to remove the specified subnet. No subnet is specified by default. You can specify only one subnet for each common address pool. If you use the network command repeatedly, the latest configuration overwrites the previous one. Related commands: dhcp server ip-pool and display dhcp server tree. network network-address [ mask-length mask mask ] undo network DHCP address pool view 42

50 network-address: Specifies the subnet for dynamic allocation. If no mask length and mask is specified, the natural mask will be used. mask-length: Specifies the mask length, ranging from 1 to 30. mask mask: Specifies the IP address network mask, in dotted decimal format. # Specify /24 as the subnet for dynamic allocation in DHCP address pool 0. [Sysname] dhcp server ip-pool 0 [Sysname-dhcp-pool-0] network mask network ip range s Use the network ip range command to specify the IP address range for dynamic allocation in an address pool. Use the undo network ip range command to remove the specified address range. No IP address range is specified by default. In a common address pool, you can use the network ip range command to further specify an IP address range on a subnet for address allocation. The specified IP address range must belong to the subnet; otherwise the common address pool cannot assign IP addresses. You can specify only one IP address range for each address pool. If you use the network ip range command repeatedly, the latest configuration overwrites the previous one. Related commands: dhcp server ip-pool, network, and display dhcp server tree. network ip range min-address max-address undo network ip range DHCP address pool view min-address: Specifies the lowest IP address for dynamic allocation. max-address: Specifies the highest IP address for dynamic allocation. # Specify addresses through on subnet /24 for dynamic address allocation in common address pool 1. [Sysname] dhcp server ip-pool 1 43

51 [Sysname-dhcp-pool-1] network [Sysname-dhcp-pool-1] network ip range # Specify addresses through for dynamic address allocation in extended address pool 0. [Sysname] dhcp server ip-pool 0 extended [Sysname-dhcp-pool-0] network ip range network mask Parameter Use the network mask command to specify the IP address mask for dynamic allocation in an extended address pool. Use the undo network mask command to remove the specified IP address mask. No IP address mask is specified by default. Only the extended address pools support this command. If you specify an IP address range for an extended address pool without an IP address mask, the extended address pool is not valid, and therefore the system cannot assign IP addresses from the extended address pool. Related commands: dhcp server ip-pool, display dhcp server tree, and network ip range. network mask mask undo network mask DHCP extended address pool view next-server mask: Specifies a network mask, in dotted decimal notation. # Specify as the IP address mask for dynamic allocation in extended address pool 0. [Sysname] dhcp server ip-pool 0 extended [Sysname-dhcp-pool-0] network mask Use the next-server command to specify the IP address of a server for DHCP clients. Use the undo next-server command to remove the server s IP address from the DHCP address pool. 44

52 By default, no server s IP address is specified in the address pool on the DHCP server. If you repeatedly execute this command, the new configuration overwrites the previous one. Related commands: dhcp server ip-pool and display dhcp server tree. next-server ip-address undo next-server Parameter option DHCP address pool view ip-address: Specifies the IP address of a server. # Specify a server s IP address in DHCP address pool 0. [Sysname] dhcp server ip-pool 0 [Sysname-dhcp-pool-0] next-server Use the option command to configure a self-defined DHCP option in a DHCP address pool. Use the undo option command to remove a self-defined DHCP option from a DHCP address pool. The option command is not configured by default. If you use the option command repeatedly, the latest configuration overwrites the previous one. Related commands: dhcp server ip-pool and display dhcp server tree. option code { ascii ascii-string hex hex-string&<1-16> ip-address ip-address&<1-8> } undo option code DHCP address pool view code: Specifies the self-defined option number, ranging from 2 to 254, excluding 12, 50 to 55, 57 to 61, and 82. ascii ascii-string: Specifies an ASCII string with 1 to 255 characters. 45

53 hex hex-string&<1-16>: Specifies hex digit strings. &<1-16> indicates that you can specify up to 16 hex digit strings, separated by spaces. Each string contains 2, 4, 6 or 8 hex digits. ip-address ip-address&<1-8>: Specifies IP addresses. &<1-8> indicates that you can specify up to eight IP addresses, separated by spaces. # Configure the hex digits 0x11 and 0x22 for the self-defined DHCP Option 100 in DHCP address pool 0. [Sysname] dhcp server ip-pool 0 [Sysname-dhcp-pool-0] option 100 hex reset dhcp server conflict Use the reset dhcp server conflict command to clear statistics of IP address conflicts. Related commands: display dhcp server conflict. reset dhcp server conflict { all ip ip-address } User view all: Clears the statistics of all IP address conflicts. ip ip-address: Clears the conflict statistics of a specified IP address. # Clears the statistics of all IP address conflicts. <Sysname> reset dhcp server conflict all reset dhcp server ip-in-use Use the reset dhcp server ip-in-use command to clear dynamic IP address binding information. Related commands: display dhcp server ip-in-use. reset dhcp server ip-in-use { all ip ip-address pool [ pool-name ] } User view 46

54 all: Clears the IP address dynamic binding information of all DHCP address pools. ip ip-address: Clears the dynamic binding information of a specified IP address. pool [ pool-name ]: Clears the dynamic binding information of a specified address pool. The pool name is a string of 1 to 35 characters. If no pool name is specified, the dynamic binding information of all address pools is cleared. # Clear the binding information of IP address <Sysname> reset dhcp server ip-in-use ip reset dhcp server statistics Use the reset dhcp server statistics command to clear the statistics of the DHCP server. Related commands: display dhcp server statistics. reset dhcp server statistics User view 1: Monitor level None # Clear the statistics of the DHCP server. <Sysname> reset dhcp server statistics static-bind client-identifier Use the static-bind client-identifier command to specify the client ID of a static binding in a DHCP address pool. Use the undo static-bind client-identifier command to remove the client ID of a static binding from a DHCP address pool. By default, no client ID is specified. Use the static-bind client-identifier command together with the static-bind ip-address command to accomplish a static binding configuration. 47

55 Parameter The ID of the static binding of a client must be identical to the ID displayed by using the display dhcp client verbose command on the client. Otherwise, the client cannot obtain an IP address. If you use the static-bind client-identifier or static-bind mac-address command repeatedly, the latest configuration overwrites the previous one. Related commands: dhcp server ip-pool, static-bind ip-address, static-bind mac-address, display dhcp server tree, and display dhcp client verbose. static-bind client-identifier client-identifier undo static-bind client-identifier DHCP address pool view client-identifier: Specifies the client ID of a static binding, a string with 4 to 160 characters in the format of H-H-H, each H indicates 4 hex digits except the last H indicates 2 or 4 hex digits. For example, aabbcccc-dd is a valid ID, but aabb-c-dddd and aabb-cc-dddd are both invalid. # Bind the client ID aaaa-bbbb to the IP address with the mask in DHCP address pool 0. [Sysname] dhcp server ip-pool 0 [Sysname-dhcp-pool-0] static-bind ip-address mask [Sysname-dhcp-pool-0] static-bind client-identifier aaaa-bbbb static-bind ip-address Use the static-bind ip-address command to specify an IP address in a DHCP address pool for a static binding. Use the undo static-bind ip-address command to remove the statically bound IP address. By default, no IP address is statically bound in a DHCP address pool. Use the static-bind ip-address command together with the static-bind mac-address or static-bind client-identifier command to accomplish a static binding configuration. The IP address of the static binding cannot be an interface address of the DHCP server. Otherwise, an IP address conflict may occur, and the bound client cannot obtain an IP address correctly. If you use the static-bind ip-address command repeatedly, the latest configuration overwrites the previous one. Related commands: dhcp server ip-pool, static-bind client-identifier, static-bind mac-address, and display dhcp server tree. 48

56 static-bind ip-address ip-address [ mask-length mask mask ] undo static-bind ip-address DHCP address pool view ip-address: Specifies the IP address of a static binding. If no mask and mask length is specified, the natural mask is used. mask-length: Specifies the mask length of the IP address, which is the number of 1s in the mask, ranging from 1 to 30. mask mask: Specifies the IP address mask, in dotted decimal format. # Bind the client MAC address 0000-e03f-0305 to the IP address with the mask in DHCP address pool 0. [Sysname] dhcp server ip-pool 0 [Sysname-dhcp-pool-0] static-bind ip-address mask [Sysname-dhcp-pool-0] static-bind mac-address 0000-e03f-0305 static-bind mac-address Use the static-bind mac-address command to statically bind a MAC address to an IP address in a DHCP address pool. Use the undo static-bind mac-address command to remove the statically bound MAC address. By default, no MAC address is statically bound. Use the static-bind mac-address command together with the static-bind ip-address command to complete a static binding configuration. If you use the static-bind mac-address or static-bind client-identifier command repeatedly, the latest configuration overwrites the previous one. Related commands: dhcp server ip-pool, static-bind client-identifier, static-bind ip-address, display dhcp server tree. static-bind mac-address mac-address undo static-bind mac-address DHCP address pool view 49

57 Parameter mac-address: Specifies the MAC address of a static binding, in the format of H-H-H. # Bind the client MAC address 0000-e03f-0305 to the IP address with the mask in DHCP address pool 0. [Sysname] dhcp server ip-pool 0 [Sysname-dhcp-pool-0] static-bind ip-address mask [Sysname-dhcp-pool-0] static-bind mac-address 0000-e03f-0305 tftp-server domain-name Parameter Use the tftp-server domain-name command to specify a TFTP server name in a DHCP address pool. Use the undo tftp-server domain-name command to remove the TFTP server name from a DHCP address pool. By default, no TFTP server name is specified. If you perform the tftp-server domain-name command repeatedly, the last configuration overwrites the previous one. Related commands: dhcp server ip-pool and display dhcp server tree. tftp-server domain-name domain-name undo tftp-server domain-name DHCP address pool view domain-name: Specifies the TFTP server name, a string of 1 to 63 characters. # Specify the TFTP server name as aaa in DHCP address pool 0. [Sysname] dhcp server ip-pool 0 [Sysname-dhcp-pool-0] tftp-server domain-name aaa 50

58 tftp-server ip-address Parameter Use the tftp-server ip-address command to specify the TFTP server IP address in a DHCP address pool. Use the undo tftp-server ip-address command to remove the TFTP server IP address from a DHCP address pool. By default, no TFTP server address is specified. If you perform the tftp-server ip-address command repeatedly, the last configuration overwrites the previous one. Related commands: dhcp server ip-pool and display dhcp server tree. tftp-server ip-address ip-address undo tftp-server ip-address DHCP address pool view ip-address: Specifies the TFTP server IP address. # Specify the TFTP server address in DHCP address pool 0. [Sysname] dhcp server ip-pool 0 [Sysname-dhcp-pool-0] tftp-server ip-address vendor-class-identifier Use the vendor-class-identifier command to specify an IP address range for the DHCP clients of a specified vendor. Use the undo vendor-class-identifier command to restore the default. By default, no IP address range is specified for the DHCP clients of any vendor. After this feature is configured in an extended DHCP address pool, the DHCP server, when using the extended DHCP address pool to assign an IP address to a DHCP client, checks whether Option 60 in the DHCP request is the same as the character string configured with the vendor-class-identifier command. If yes, the DHCP server selects an IP address from the address range specified with this command. If not, the DHCP server selects one from the address range specified with the network ip range command. Only extended address pools support this command. The IP address range specified with this command must be included in that specified with the network ip range command. 51

59 Related commands: network ip range and network mask. vendor-class-identifier hex-string&<1-255> ip range min-address max-address undo vendor-class-identifier hex-string&<1-255> DHCP extended address pool view hex-string&<1-255>: Specifies a character string, which is used to match against Option 60 (vendor class identifier option). hex-string is a hexadecimal number ranging from 0 to FF. &<1-255> indicates that you can type up to 255 hexadecimal numbers, which are separated by spaces. ip range min-address max-address: Specifies the IP address range for dynamic allocation. min-address is the lowest IP address and max-address is the highest IP address for dynamic allocation. # Specify IP address rang to for the DHCP clients of vender a0 b0 0c. [Sysname] dhcp server ip-pool 0 extended [Sysname-dhcp-pool-0] vendor-class-identifier a0 b0 0c ip range voice-config Use the voice-config command to configure specified Option 184 contents in a DHCP address pool. Use the undo voice-config command to remove specified Option 184 contents from a DHCP address pool. By default, no Option 184 content is configured. You must specify the IP address of a network calling processor first to make other configured parameters take effect. Related commands: dhcp server ip-pool and display dhcp server tree. voice-config { as-ip ip-address fail-over ip-address dialer-string ncp-ip ip-address voice-vlan vlan-id { disable enable } } undo voice-config [ as-ip fail-over ncp-ip voice-vlan ] DHCP address pool view 52

60 as-ip ip-address: Specifies the IP address for the backup network calling processor. When the primary network calling processor is unavailable, the DHCP client uses the backup network calling processor. fail-over ip-address dialer-string: Specifies the failover IP address and dialer string. The dialer-string is a string of 1 to 39 characters, which can be 0 to 9, and *. ncp-ip ip-address: Specifies the IP address for the primary network calling processor. voice-vlan vlan-id: Specifies the voice VLAN ID, ranging from 2 to disable: Disables the specified voice VLAN ID, meaning DHCP clients will not take this ID as their voice VLAN. enable: Enables the specified voice VLAN ID, meaning DHCP clients will take this ID as their voice VLAN. # Configure Option 184 in DHCP address pool 0: the primary network calling processor , backup network calling processor , voice VLAN ID 3 that is enabled, the failover IP address and dialer string 99*. [Sysname] dhcp server ip-pool 0 [Sysname-dhcp-pool-0] voice-config ncp-ip [Sysname-dhcp-pool-0] voice-config as-ip [Sysname-dhcp-pool-0] voice-config voice-vlan 3 enable [Sysname-dhcp-pool-0] voice-config fail-over * 53

61 DHCP relay agent configuration commands The DHCP relay agent configuration is supported only on Layer 3 Ethernet ports, and VLAN interfaces. dhcp relay address-check enable Use the dhcp relay address-check enable command to enable address check on the relay agent. Use the undo dhcp relay address-check enable command to disable address check on the relay agent. By default, the function is disabled. With this feature enabled, the DHCP relay agent can record clients IP-to-MAC bindings dynamically after clients get IP addresses through DHCP. It also supports static bindings. You can manually configure IP-to- MAC bindings on the DHCP relay agent, so that users can access external networks using fixed IP addresses. Upon receiving an ARP packet, the DHCP relay agent matches the sender s IP and MAC addresses in the packet against the bindings (both dynamic and static). If no match is found, the DHCP relay agent does not learn the ARP entry. The sending host cannot access external networks via the DHCP relay agent. This command can be executed only on Layer 3 Ethernet ports and VLAN interfaces. The dhcp relay address-check enable command only checks IP and MAC addresses of clients. dhcp relay address-check enable undo dhcp relay address-check enable Interface view None # Enable address check on the DHCP relay agent. [Sysname] interface vlan-interface 1 [Sysname-Vlan-interface1] dhcp relay address-check enable 54

62 dhcp relay check mac-address Use the dhcp relay check mac-address command to enable MAC address check on the DHCP relay agent. Use the undo dhcp relay check mac-address command to disable MAC address check on the DHCP relay agent. By default, this function is disabled. With this function enabled, the DHCP relay agent compares the chaddr field of a received DHCP request with the source MAC address field of the frame. If they are the same, the DHCP relay agent decides this request as valid and forwards it to the DHCP server. If not, the DHCP request is discarded. DHCP relay agents change the source MAC addresses when forwarding DHCP packets. Therefore, you can enable MAC address check only on a DHCP relay agent directly connected to the DHCP clients. Otherwise, valid DHCP packets may be discarded and clients cannot obtain IP addresses. dhcp relay check mac-address undo dhcp relay check mac-address Interface view None # Enable MAC address check on the DHCP relay agent. [Sysname] interface vlan-interface 1 [Sysname-Vlan-interface1] dhcp relay check mac-address dhcp relay client-detect enable Use the dhcp relay client-detect enable command to enable offline detection on the DHCP relay agent. Use the undo dhcp relay client-detect enable command to disable offline detection on the DHCP relay agent. By default, this function is disabled. With this function enabled on an interface, the DHCP relay agent removes a client s IP-to-MAC binding entry when it is aged out, and sends a DHCP-RELEASE request to the DHCP server to release the IP address of the client. 55

63 dhcp relay client-detect enable undo dhcp relay client-detect enable Interface view None # Enable offline detection on the DHCP relay agent. [Sysname] interface vlan-interface 1 [Sysname-Vlan-interface1] dhcp relay client-detect enable dhcp relay information circuit-id format-type Use the dhcp relay information circuit-id format-type command to configure the code type for the nonuser-defined circuit ID sub-option. Use the undo dhcp relay information circuit-id format-type command to restore the default. By default, the code type for the circuit ID sub-option depends on the specified padding format of Option 82. Each field has its own code type. This command applies only to configuring the non-user-defined circuit ID sub-option. After you configure the padding content for the circuit ID sub-option using the dhcp relay information circuit-id string command, ASCII is adopted as the code type. Related commands: display dhcp relay information. dhcp relay information circuit-id format-type { ascii hex } undo dhcp relay information circuit-id format-type Interface view ascii: Specifies the code type for the circuit ID sub-option as ascii. hex: Specifies the code type for the circuit ID sub-option as hex. 56

64 # Configure the code type for the non-user-defined circuit ID sub-option as ascii. [Sysname] interface vlan-interface 1 [Sysname-Vlan-interface1] dhcp relay information circuit-id format-type ascii dhcp relay information circuit-id string Parameter Use the dhcp relay information circuit-id string command to configure the padding content for the userdefined circuit ID sub-option. Use the undo dhcp relay information circuit-id string command to restore the default. By default, the padding content for the circuit ID sub-option depends on the padding format of Option 82. After you configure the padding content for the circuit ID sub-option using this command, ASCII is adopted as the code type. Related commands: dhcp relay information format and display dhcp relay information. dhcp relay information circuit-id string circuit-id undo dhcp relay information circuit-id string Interface view circuit-id: Specifies the padding content for the user-defined circuit ID sub-option, a case-sensitive string of 3 to 63 characters. # Configure the padding content for the circuit ID sub-option as company001. [Sysname] interface vlan-interface 1 [Sysname-Vlan-interface1] dhcp relay information circuit-id string company001 dhcp relay information enable Use the dhcp relay information enable command to enable the relay agent to support Option 82. Use the undo dhcp relay information enable command to disable Option 82 support. By default, Option 82 support is disabled on the DHCP relay agent. Related commands: display dhcp relay information. 57

65 dhcp relay information enable undo dhcp relay information enable Interface view None # Enable Option 82 support on the relay agent. [Sysname] interface vlan-interface 1 [Sysname-Vlan-interface1] dhcp relay information enable dhcp relay information format Use the dhcp relay information format command to specify a padding format for Option 82. Use the undo dhcp relay information format command to restore the default padding format. The Option 82 padding format defaults to normal. If configuring the handling strategy of the DHCP relay agent as replace, you need to configure a padding format of Option 82. If the handling strategy is keep or drop, you need not configure any padding format. If sub-option 1 (node identifier) of Option 82 is padded with the device name (sysname) of a node, the device name must contain no spaces. Otherwise, the DHCP relay agent will drop the message. Related commands: display dhcp relay information. dhcp relay information format { normal verbose [ node-identifier { mac sysname user-defined node-identifier } ] } undo dhcp relay information format Interface view normal: Specifies the normal padding format. verbose: Specifies the verbose padding format. 58

66 node-identifier { mac sysname user-defined node-identifier }: Specifies the access node identifier. By default, the node MAC address is used as the node identifier. mac indicates using the MAC address as the node identifier. sysname indicates using the device name of a node as the node identifier. user-defined node-identifier indicates using a specified character string as the node identifier, in which node-identifier is a string with 1 to 50 characters. # Specify the verbose padding format for Option 82. [Sysname] interface vlan-interface 1 [Sysname-Vlan-interface1] dhcp relay information enable [Sysname-Vlan-interface1] dhcp relay information strategy replace [Sysname-Vlan-interface1] dhcp relay information format verbose dhcp relay information remote-id format-type Use the dhcp relay information remote-id format-type command to configure the code type for the nonuser-defined remote ID sub-option. Use the undo dhcp relay information remote-id format-type command to restore the default. By default, the code type for the remote ID sub-option is HEX. This command applies only to configuring the non-user-defined remote ID sub-option. After you configure the padding content for the remote ID sub-option using the dhcp relay information remote-id string command, ASCII is adopted as the code type. Related commands: display dhcp relay information. dhcp relay information remote-id format-type { ascii hex } undo dhcp relay information remote-id format-type Interface view 2: System view ascii: Specifies the code type for the remote ID sub-option as ascii. hex: Specifies the code type for the remote ID sub-option as hex. # Configure the code type for the non-user-defined remote ID sub-option as ascii. [Sysname] interface vlan-interface 1 [Sysname-Vlan-interface1] dhcp relay information remote-id format-type ascii 59

67 dhcp relay information remote-id string Use the dhcp relay information remote-id string command to configure the padding content for the userdefined remote ID sub-option. Use the undo dhcp relay information remote-id string command to restore the default. By default, the padding content for the remote ID sub-option depends on the padding format of Option 82. After you configure the padding content for the remote ID sub-option using this command, ASCII is adopted as the code type. If you want to specify the character string sysname (a case-insensitive character string) as the padding content for the remote ID sub-option, you need to use quotation marks to make it take effect. For example, if you want to specify Sysname as the padding content for the remote ID sub-option, you need to enter the dhcp relay information remote-id string Sysname command. Related commands: dhcp relay information format and display dhcp relay information. dhcp relay information remote-id string { remote-id sysname } undo dhcp relay information remote-id string Interface view remote-id: Specifies the padding content for the user-defined remote ID sub-option, a case-sensitive string of 1 to 63 characters. sysname: Specifies the device name as the padding content for the remote ID sub-option. # Configure the padding content for the remote ID sub-option as device001. [Sysname] interface vlan-interface 1 [Sysname-Vlan-interface1] dhcp relay information remote-id string device001 dhcp relay information strategy Use the dhcp relay information strategy command to configure DHCP relay agent handling strategy for messages containing Option 82. Use the undo dhcp relay information strategy command to restore the default handling strategy. The handling strategy for messages containing Option 82 defaults to replace. Related commands: display dhcp relay information. 60

68 dhcp relay information strategy { drop keep replace } undo dhcp relay information strategy Interface view drop: Specifies the dropping of messages containing Option 82. keep: Specifies the forwarding of messages containing Option 82 without any change. replace: Specifies the forwarding of messages containing Option 82 after replacing the original Option 82 with the Option 82 padded in the specified padding format. # Configure the DHCP relay agent handling strategy for messages containing Option 82 as keep. [Sysname] interface vlan-interface 1 [Sysname-Vlan-interface1] dhcp relay information enable [Sysname-Vlan-interface1] dhcp relay information strategy keep dhcp relay release ip Parameter Use the dhcp relay release ip command to request the DHCP server to release a specified client IP address. dhcp relay release ip client-ip System view client-ip: Specifies the DHCP client IP address. # Request the DHCP server to release the IP address [Sysname] dhcp relay release ip

69 dhcp relay security static Use the dhcp relay security static command to configure a static client entry, which is the binding between IP address, MAC address, and Layer 3 interface on the relay agent. Use the undo dhcp relay security command to remove specified client entries from the relay agent. No manual client entry is configured on the DHCP relay agent by default. When using the dhcp relay security static command to bind an interface to a static client entry, make sure that the interface is configured as a DHCP relay agent; otherwise, entry conflicts may occur. The undo dhcp relay security interface command is used to remove all the dynamic client entries from the interface. Related commands: display dhcp relay security. dhcp relay security static ip-address mac-address [ interface interface-type interface-number ] undo dhcp relay security { ip-address all dynamic interface interface-type interface-number static } System view ip-address: Specifies the client IP address for creating a static binding. mac-address: Specifies the client MAC address for creating a static binding, in the format H-H-H. interface interface-type interface-number: Specifies a Layer 3 interface connecting to the DHCP client. interface-type interface-number specifies the interface type and interface number. all: Specifies that all client entries are to be removed. dynamic: Specifies that dynamic client entries are to be removed. static: Specifies that manual client entries are to be removed. # Bind DHCP relay interface VLAN-interface 2 to IP address and MAC address d02- f2b3 of the client. [Sysname] dhcp relay security static d02-f2b3 interface vlan-interface 2 dhcp relay security refresh enable Use the dhcp relay security refresh enable command to enable the DHCP relay agent to periodically refresh dynamic client entries. 62

70 Use the undo dhcp relay security refresh enable command to disable periodic refresh of dynamic client entries. By default, the DHCP relay agent is enabled to periodically refresh dynamic client entries. If you disable the DHCP relay agent from periodically refreshing dynamic client entries, such entries do not age automatically. Therefore, if a client relinquishes its IP address, you need to manually remove the corresponding dynamic client entry on the DHCP relay agent. Related commands: dhcp relay security tracker and dhcp relay security static. dhcp relay security refresh enable undo dhcp relay security refresh enable System view None # Disable the DHCP relay agent from periodically refreshing dynamic client entries. [Sysname] undo dhcp relay security refresh enable dhcp relay security tracker Use the dhcp relay security tracker command to set a refreshing interval at which the relay agent contacts the DHCP server for refreshing dynamic bindings. Use the undo dhcp relay security tracker command to restore the default interval. The default refreshing interval is auto, the value of 60 seconds divided by the number of binding entries. Related commands: display dhcp relay security tracker. dhcp relay security tracker { interval auto } undo dhcp relay security tracker [ interval ] System view 63

71 interval: Specifies the refreshing interval in seconds, ranging from 1 to 120. auto: Specifies the auto refreshing interval, which is the value of 60 seconds divided by the number of binding entries. The more entries there are, the shorter the interval. The shortest interval is no less than 500 ms. # Set the refreshing interval as 100 seconds. [Sysname] dhcp relay security tracker 100 dhcp relay server-detect Use the dhcp relay server-detect command to enable unauthorized DHCP server detection. Use the undo dhcp relay server-detect command to disable unauthorized DHCP server detection. By default, unauthorized DHCP server detection is disabled. With this function enabled, upon receiving a DHCP request, the DHCP relay agent will record from the request the IP addresses of all DHCP servers that ever offered IP addresses to the DHCP client and the receiving interface. Each server detected is recorded only once. The administrator can use this information from logs to check for unauthorized DHCP servers. After the information of recorded DHCP servers is cleared, the relay agent will re-record server information following this mechanism. dhcp relay server-detect undo dhcp relay server-detect System view None # Enable unauthorized DHCP server detection. [Sysname] dhcp relay server-detect dhcp relay server-group Use the dhcp relay server-group command to specify a DHCP server for a DHCP server group. 64

72 Use the undo dhcp relay server-group command to remove a DHCP server from a DHCP server group, if no ip ip-address is specified, all servers in the DHCP server group and the server group itself will be removed. By default, no DHCP server is specified for a DHCP server group. The IP address of a DHCP server and the IP address of the DHCP relay agent s interface that connects the DHCP client cannot be in the same network segment. Otherwise, the client may fail to obtain an IP address. If a server group has been correlated to multiple interfaces, you need to cancel these correlations before removing the server group. Related commands: display dhcp relay server-group. dhcp relay server-group group-id ip ip-address undo dhcp relay server-group group-id [ ip ip-address ] System view group-id: Specifies a DHCP server group by its number, ranging from 0 to 19. ip ip-address: Specifies a DHCP server IP address. # Specify DHCP server for DHCP server group 1 on the relay agent. [Sysname] dhcp relay server-group 1 ip dhcp relay server-select Use the dhcp relay server-select command to correlate specified interfaces to a specified DHCP server group. Use the undo dhcp relay server-select command to remove a configured correlation. By default, no DHCP server group is correlated with an interface on the relay agent. A DHCP server group can correlate with one or multiple DHCP relay agent interfaces. A relay agent interface can only correlate with one DHCP server group, and a newly configured correlation overwrites the previous one. If the server group in the new correlation does not exist, the new configuration will not work. The interface still maintains the previous correlation. The DHCP server group referenced in this command should have been configured by using the dhcp relay server-group command. Related commands: dhcp relay server-group and display dhcp relay. 65

73 dhcp relay server-select group-id undo dhcp relay server-select Parameter Interface view group-id: Specifies a DHCP server group by its number to be correlated, ranging from 0 to 19. # Correlate VLAN-interface 1 to DHCP server group 1. [Sysname] interface vlan-interface 1 [Sysname-Vlan-interface1] dhcp relay server-select 1 dhcp select relay Use the dhcp select relay command to enable the relay agent on the current interface. Upon receiving requests from an enabled interface, the relay agent will forward these requests to outside DHCP servers for IP address allocation. Use the undo dhcp select relay command to restore the default. After DHCP is enabled, the DHCP server is enabled on an interface by default. Upon receiving a client s request from the interface, the DHCP server allocates an IP address from the DHCP address pool to the client. When the working mode of the interface is changed from DHCP server to DHCP relay agent, the IP address leases will not be deleted. To avoid this, delete the existing IP address leases when changing the interface working mode to DHCP relay agent. dhcp select relay undo dhcp select relay Interface view None 66

74 # Enable the DHCP relay agent on VLAN-interface 1. [Sysname] interface vlan-interface 1 [Sysname-Vlan-interface1] dhcp select relay display dhcp relay Use the display dhcp relay command to display information about DHCP server groups correlated to an interface or all interfaces. display dhcp relay { all interface interface-type interface-number } [ { begin exclude include } regular-expression ] Any view 1: Monitor level all: Displays information of DHCP server groups that all interfaces correspond to. interface interface-type interface-number: Displays information of the DHCP server group that a specified interface corresponds to. : Filters command output by specifying a regular expression. For more information about regular expressions, see Fundamentals Configuration Guide. begin: Displays the first line that matches the specified regular expression and all lines that follow. exclude: Displays all lines that do not match the specified regular expression. include: Displays all lines that match the specified regular expression. regular-expression: Specifies a regular expression, a case-sensitive string of 1 to 256 characters. # Display information about DHCP server groups correlated to all interfaces. <Sysname> display dhcp relay all Interface name Server-group Vlan-interface1 2 Table 10 Command output Field Server-group DHCP server group number correlated to the interface 67

75 display dhcp relay information Use the display dhcp relay information command to display Option 82 configuration information on the DHCP relay agent. display dhcp relay information { all interface interface-type interface-number } [ { begin exclude include } regular-expression ] Any view 1: Monitor level all: Displays the Option 82 configuration information of all interfaces. interface interface-type interface-number: Displays the Option 82 configuration information of a specified interface. : Filters command output by specifying a regular expression. For more information about regular expressions, see Fundamentals Configuration Guide. begin: Displays the first line that matches the specified regular expression and all lines that follow. exclude: Displays all lines that do not match the specified regular expression. include: Displays all lines that match the specified regular expression. regular-expression: Specifies a regular expression, a case-sensitive string of 1 to 256 characters. # Display the Option 82 configuration information of all interfaces. <Sysname> display dhcp relay information all Interface: Vlan-interface100 Status: Enable Strategy: Replace Format: Verbose Circuit ID format-type: HEX Remote ID format-type: ASCII Node identifier: aabbcc User defined: Circuit ID: company001 Interface: Vlan-interface200 Status: Enable Strategy: Keep Format: Normal Circuit ID format-type: HEX Remote ID format-type: ASCII User defined: 68

76 Remote ID: device001 Table 11 Command output Field Interface Status Strategy Format Circuit ID format-type Remote ID format-type Node identifier User defined Circuit ID Remote ID Interface name Option 82 state, which can be Enable or Disable Handling strategy for requesting messages containing Option 82, which can be Drop, Keep, or Replace Padding format of Option 82, which can be Normal or Verbose Non-user-defined code type of the circuit ID sub-option, which can be ASCII or HEX Non-user-defined code type of the remote ID sub-option, which can be ASCII or HEX Access node identifier Content of user-defined sub-options User-defined padding content of the circuit ID sub-option User-defined padding content of the remote ID sub-option display dhcp relay security Use the display dhcp relay security command to display information about bindings of DHCP relay agents. If no parameter is specified, information about all bindings will be displayed. You must enable address check, or IP source guard on the DHCP relay agent before it can generate dynamic client entries. For more information about IP source guard, see Security Configuration Guide. display dhcp relay security [ ip-address dynamic static ] [ { begin exclude include } regularexpression ] Any view 1: Monitor level ip-address: Displays the binding information of an IP address. dynamic: Displays information about dynamic bindings. static: Displays information about static bindings. : Filters command output by specifying a regular expression. For more information about regular expressions, see Fundamentals Configuration Guide. begin: Displays the first line that matches the specified regular expression and all lines that follow. 69

77 exclude: Displays all lines that do not match the specified regular expression. include: Displays all lines that match the specified regular expression. regular-expression: Specifies a regular expression, a case-sensitive string of 1 to 256 characters. # Display information about all bindings. <Sysname> display dhcp relay security IP Address MAC Address Type Interface e Static Vlan dhcp-security item(s) found --- Table 12 Command output Field IP Address MAC Address Type Interface Client IP address Client MAC address Type of binding, including dynamic, static, and temporary Layer 3 interface connecting to the DHCP client If no interface is recorded in the binding entry, N/A is displayed display dhcp relay security statistics Use the display dhcp relay security statistics command to display statistics information about bindings of DHCP relay agents. You must enable address check, or IP source guard on the DHCP relay agent before it can generate dynamic client entries. For more information about IP source guard, see Security Configuration Guide. display dhcp relay security statistics [ { begin exclude include } regular-expression ] Any view 1: Monitor level : Filters command output by specifying a regular expression. For more information about regular expressions, see Fundamentals Configuration Guide. begin: Displays the first line that matches the specified regular expression and all lines that follow. exclude: Displays all lines that do not match the specified regular expression. include: Displays all lines that match the specified regular expression. regular-expression: Specifies a regular expression, a case-sensitive string of 1 to 256 characters. 70

78 # Display statistics about bindings of DHCP relay agents. <Sysname> display dhcp relay security statistics Static Items :1 Dynamic Items :0 Temporary Items :0 All Items :1 Table 13 Command output Field Static Items Dynamic Items Temporary Items All Items Static binding items Dynamic binding items Temporary binding items All binding items display dhcp relay security tracker Use the display dhcp relay security tracker command to view the interval for refreshing dynamic bindings on the relay agent. display dhcp relay security tracker [ { begin exclude include } regular-expression ] Any view 1: Monitor level : Filters command output by specifying a regular expression. For more information about regular expressions, see Fundamentals Configuration Guide. begin: Displays the first line that matches the specified regular expression and all lines that follow. exclude: Displays all lines that do not match the specified regular expression. include: Displays all lines that match the specified regular expression. regular-expression: Specifies a regular expression, a case-sensitive string of 1 to 256 characters. # Display the interval for refreshing dynamic bindings on the relay agent. <Sysname> display dhcp relay security tracker Current tracker interval : 10s The interval is 10 seconds. 71

79 display dhcp relay server-group Use the display dhcp relay server-group command to view configuration information of a specified DHCP server group or all DHCP server groups. display dhcp relay server-group { group-id all } [ { begin exclude include } regular-expression ] Any view 1: Monitor level group-id: Displays the information of the specified DHCP server group numbered from 0 to 19. all: Displays the information of all DHCP server groups. : Filters command output by specifying a regular expression. For more information about regular expressions, see Fundamentals Configuration Guide. begin: Displays the first line that matches the specified regular expression and all lines that follow. exclude: Displays all lines that do not match the specified regular expression. include: Displays all lines that match the specified regular expression. regular-expression: Specifies a regular expression, a case-sensitive string of 1 to 256 characters. # Display IP addresses of DHCP servers in DHCP server group 1. <Sysname> display dhcp relay server-group 1 No. Group IP Table 14 Command output Field No. Group IP Sequence number IP address in the server group display dhcp relay statistics Use the display dhcp relay statistics command to display DHCP packet statistics related to a specified DHCP server group or all DHCP server groups. If no parameter (server-group and all) is specified, all DHCP packet statistics on the relay agent will be displayed. 72

80 Related commands: reset dhcp relay statistics. display dhcp relay statistics [ server-group { group-id all } ] [ { begin exclude include } regularexpression ] s Any view 1: Monitor level group-id: Specifies a server group by its number, ranging from 0 to 19, about display DHCP packet statistics is to be displayed. all: Specifies all server groups about which DHCP packet statistics is to be displayed. Information for each group is displayed independently. : Filters command output by specifying a regular expression. For more information about regular expressions, see Fundamentals Configuration Guide. begin: Displays the first line that matches the specified regular expression and all lines that follow. exclude: Displays all lines that do not match the specified regular expression. include: Displays all lines that match the specified regular expression. regular-expression: Specifies a regular expression, a case-sensitive string of 1 to 256 characters. # Display all DHCP packet statistics on the relay agent. <Sysname> display dhcp relay statistics Bad packets received: 0 DHCP packets received from clients: 0 DHCPDISCOVER packets received: 0 DHCPREQUEST packets received: 0 DHCPINFORM packets received: 0 DHCPRELEASE packets received: 0 DHCPDECLINE packets received: 0 BOOTPREQUEST packets received: 0 DHCP packets received from servers: 0 DHCPOFFER packets received: 0 DHCPACK packets received: 0 DHCPNAK packets received: 0 BOOTPREPLY packets received: 0 DHCP packets relayed to servers: 0 DHCPDISCOVER packets relayed: 0 DHCPREQUEST packets relayed: 0 DHCPINFORM packets relayed: 0 DHCPRELEASE packets relayed: 0 DHCPDECLINE packets relayed: 0 BOOTPREQUEST packets relayed: 0 73

81 DHCP packets relayed to clients: 0 DHCPOFFER packets relayed: 0 DHCPACK packets relayed: 0 DHCPNAK packets relayed: 0 BOOTPREPLY packets relayed: 0 DHCP packets sent to servers: 0 DHCPDISCOVER packets sent: 0 DHCPREQUEST packets sent: 0 DHCPINFORM packets sent: 0 DHCPRELEASE packets sent: 0 DHCPDECLINE packets sent: 0 BOOTPREQUEST packets sent: 0 DHCP packets sent to clients: 0 DHCPOFFER packets sent: 0 DHCPACK packets sent: 0 DHCPNAK packets sent: 0 BOOTPREPLY packets sent: 0 # Display DHCP packet statistics related to every server group on the relay agent. <Sysname> display dhcp relay statistics server-group all DHCP relay server-group #0 Packet type Packet number Client -> Server: DHCPDISCOVER 0 DHCPREQUEST 0 DHCPINFORM 0 DHCPRELEASE 0 DHCPDECLINE 0 BOOTPREQUEST 0 Server -> Client: DHCPOFFER 0 DHCPACK 0 DHCPNAK 0 BOOTPREPLY 0 reset dhcp relay statistics Use the reset dhcp relay statistics command to remove statistics from the relay agent. If no server-group is specified, all statistics will be removed from the relay agent. Related commands: display dhcp relay statistics. reset dhcp relay statistics [ server-group group-id ] User view 74

82 Parameter 1: Monitor level server-group group-id: Specifies a server group by its number, ranging from 0 to 19, about which statistics is to be removed from the relay agent. # Remove all statistics from the DHCP relay agent. <Sysname> reset dhcp relay statistics 75

83 DHCP client configuration commands The DHCP client configuration is supported only on Layer 3 Ethernet ports, and VLAN interfaces. When multiple VLAN interfaces having the same MAC address use DHCP for IP address acquisition via a relay agent, the DHCP server cannot be the Windows Server 2000 or Windows Server display dhcp client s Use the display dhcp client command to display DHCP client information. If no interface interface-type interface-number is specified, DHCP client information of all interfaces will be displayed. display dhcp client [ verbose ] [ interface interface-type interface-number ] [ { begin exclude include } regular-expression ] Any view 1: Monitor level verbose: Specifies verbose DHCP client information to be displayed. interface interface-type interface-number: Specifies an interface for which to display DHCP client information. : Filters command output by specifying a regular expression. For more information about regular expressions, see Fundamentals Configuration Guide. begin: Displays the first line that matches the specified regular expression and all lines that follow. exclude: Displays all lines that do not match the specified regular expression. include: Displays all lines that match the specified regular expression. regular-expression: Specifies a regular expression, a case-sensitive string of 1 to 256 characters. # Display DHCP client information of all interfaces. <Sysname> display dhcp client Vlan-interface1 DHCP client information: Current machine state: BOUND Allocated IP: Allocated lease: seconds, T1: seconds, T2: seconds DHCP server: # Display verbose DHCP client information. <Sysname> display dhcp client verbose 76

84 Vlan-interface1 DHCP client information: Current machine state: BOUND Allocated IP: Allocated lease: seconds, T1: seconds, T2: seconds Lease from :37:59 to :37:59 DHCP server: Transaction ID: 0x1c09322d Default router: Classless static route: Destination: , Mask: , NextHop: Destination: , Mask: , NextHop: DNS server: DNS server: Domain name: ddd.com Boot server: Client ID: e e d56-6c61-6e2d-696e T1 will timeout in 1 day 11 hours 58 minutes 52 seconds. Table 15 Command output Field Vlan-interface1 DHCP client information Current machine state Allocated IP Allocated lease T1 T2 Lease from.to. DHCP Server Information of the interface acting as the DHCP client Current state of the DHCP client: HALT Indicates that the client stops applying for an IP address INIT Indicates the initialization state SELECTING Indicates that the client has sent out a DHCP- DISCOVER message in search of a DHCP server and is waiting for the response from DHCP servers REQUESTING Indicates that the client has sent out a DHCP- REQUEST message requesting for an IP address and is waiting for the response from DHCP servers BOUND Indicates that the client has received the DHCP- ACK message from a DHCP server and obtained an IP address successfully RENEWING Indicates that the T1 timer expires REBOUNDING Indicates that the T2 timer expires IP address allocated by the DHCP server Allocated lease time The 1/2 lease time (in seconds) of the DHCP client IP address The 7/8 lease time (in seconds) of the DHCP client IP address Start and end time of the lease DHCP server IP address that assigned the IP address 77

85 Field Transaction ID Default router Classless static route Static route DNS server Domain name Boot server Client ID T1 will timeout in 1 day 11 hours 58 minutes 52 seconds. Transaction ID, a random number chosen by the client to identify an IP address allocation Gateway address assigned to the client Classless static routes assigned to the client Classful static routes assigned to the client DNS server address assigned to the client Domain name suffix assigned to the client PXE server addresses (up to 16 addresses) specified for the DHCP client, which are obtained through Option 43 Client ID How long until the T1 (1/2 lease time) timer times out ip address dhcp-alloc Parameter Use the ip address dhcp-alloc command to configure an interface to use DHCP for IP address acquisition. Use the undo ip address dhcp-alloc command to cancel an interface from using DHCP. By default, an interface does not use DHCP for IP address acquisition. If no parameter is specified, the client uses a character string that comprises the current interface name and MAC address as its ID for address acquisition. The DHCP client sends a DHCP-RELEASE message for releasing the IP address obtained via DHCP, if the interface of the client is down, the message cannot be sent. ip address dhcp-alloc [ client-identifier mac interface-type interface-number ] undo ip address dhcp-alloc Interface view client-identifier mac interface-type interface-number: Specifies the MAC address of an interface to be used as the client ID to obtain an IP address. # Configure VLAN-interface 1 to use DHCP for IP address acquisition. [Sysname] interface vlan-interface 1 78

86 [Sysname-Vlan-interface1] ip address dhcp-alloc 79

87 DHCP snooping configuration commands A DHCP snooping enabled device does not work if it is between the DHCP relay agent and DHCP server. It can work when it is between the DHCP client and relay agent or between the DHCP client and server. dhcp-snooping Use the dhcp-snooping command to enable DHCP snooping. Use the undo dhcp-snooping command to disable DHCP snooping. With DHCP snooping disabled, all ports can forward responses from any DHCP servers and does not record binding information about MAC addresses of DHCP clients and the obtained IP addresses. By default, DHCP snooping is disabled. Related commands: display dhcp-snooping. dhcp-snooping undo dhcp-snooping System view None # Enable DHCP snooping. [Sysname] dhcp-snooping dhcp-snooping binding database filename Use the dhcp-snooping binding database filename command to specify the name of the file for storing DHCP snooping entries. Use the undo dhcp-snooping binding database filename to restore the default. By default, no file name is specified. If no file with the specified name is found, the device will create the file automatically upon storing a DHCP snooping binding. 80

88 DHCP snooping entries are stored immediately after this command is used, and then updated at the interval set by the dhcp-snooping binding database update interval command. Related commands: dhcp-snooping binding database update interval. dhcp-snooping binding database filename filename undo dhcp-snooping binding database filename Parameter System view filename: Specifies the file name. To define the file name, see Fundamentals Configuration Guide. # Specify the name of the file for storing DHCP snooping entries as database.dhcp. [Sysname] dhcp-snooping binding database filename database.dhcp dhcp-snooping binding database update interval Use the dhcp-snooping binding database update interval command to set the interval at which the DHCP snooping entry file is refreshed. Use the undo dhcp-snooping binding database update interval command to restore the default. By default, the DHCP snooping entry file is not refreshed periodically. With this command configured, DHCP snooping will check bindings periodically. If a binding is added or removed during an interval, DHCP snooping will add or remove this binding to or from the file at the end of this interval. If no change occurs within the interval, DHCP snooping will not refresh the file. This command takes effect only when the DHCP snooping entry file is specified. Related commands: dhcp-snooping binding database filename. dhcp-snooping binding database update interval minutes undo dhcp-snooping binding database update interval System view 81

89 Parameter minutes: Specifies the refresh interval in minutes, ranging from 1 to # Configure the DHCP snooping entry file to be refreshed every 10 minutes. [Sysname] dhcp-snoooping binding database update interval 10 dhcp-snooping binding database update now Use the dhcp-snooping binding database update now command to store DHCP snooping entries to the file. DHCP snooping entries will be stored to the file each time this command is used. This command takes effect only when the DHCP snooping entry file is specified. Related commands: dhcp-snooping binding database filename. dhcp-snooping binding database update now System view None # Store DHCP snooping entries to the file. [Sysname] dhcp-snooping binding database update now dhcp-snooping check mac-address Use the dhcp-snooping check mac-address command to enable MAC address check on a DHCP snooping device. Use the undo dhcp-snooping check mac-address command to disable MAC address check of DHCP snooping. By default, this function is disabled. With this function enabled, the DHCP snooping device compares the chaddr field of a received DHCP request with the source MAC address field in the frame. If they are the same, the DHCP snooping device decides this request valid and forwards it to the DHCP server. If not, the DHCP request is discarded. 82

90 dhcp-snooping check mac-address undo dhcp-snooping check mac-address Layer 2 Ethernet port view, Layer 2 aggregate interface view None # Enable MAC address check of DHCP snooping. [Sysname] interface GigabitEthernet 1/0/1 [Sysname-GigabitEthernet1/0/1] dhcp-snooping check mac-address dhcp-snooping check request-message Use the dhcp-snooping check request-message command to enable DHCP-REQUEST message check of DHCP snooping. Use the undo dhcp-snooping check request-message command to disable DHCP-REQUEST message check of the DHCP snooping. By default, this function is disabled. With this function enabled, upon receiving a DHCP-REQUEST message, a DHCP snooping device searches local DHCP snooping entries for the corresponding entry of the message. If an entry is found, the DHCP snooping device compares the entry with the message information. If they are consistent, the DHCP-REQUEST message is considered as valid lease renewal request and forwarded to the DHCP server. If they are not consistent, the messages is considered as forged lease renewal request and discarded. If no corresponding entry is found locally, the message is considered valid and forwarded to the DHCP server. dhcp-snooping check request-message undo dhcp-snooping check request-message Layer 2 Ethernet port view, Layer 2 aggregate interface view None 83

91 # Enable DHCP-REQUEST message check of DHCP snooping. [Sysname] interface GigabitEthernet 1/0/1 [Sysname-GigabitEthernet1/0/1] dhcp-snooping check request-message dhcp-snooping information circuit-id format-type Use the dhcp-snooping information circuit-id format-type command to configure the code type for the non-user-defined circuit ID sub-option. Use the undo dhcp-snooping information circuit-id format-type command to restore the default. By default, the code type for the circuit ID sub-option depends on the padding format of Option 82. Each field has its own code type. This command applies to configuring the non-user-defined circuit ID sub-option only. After you configure the padding content for the circuit ID sub-option using the dhcp-snooping information circuit-id string command, ASCII is adopted as the code type. Related commands: display dhcp-snooping information. dhcp-snooping information circuit-id format-type { ascii hex } undo dhcp-snooping information circuit-id format-type Layer 2 Ethernet port view, Layer 2 aggregate interface view ascii: Specifies the code type for the circuit ID sub-option as ascii. hex: Specifies the code type for the circuit ID sub-option as hex. # Configure the padding format for the non-user-defined circuit ID sub-option as ascii. [Sysname] interface GigabitEthernet 1/0/1 [Sysname-GigabitEthernet1/0/1] dhcp-snooping information circuit-id format-type ascii dhcp-snooping information circuit-id string Use the dhcp-snooping information circuit-id string command to configure the padding content for the user-defined circuit ID sub-option. Use the undo dhcp-snooping information circuit-id string command to restore the default. 84

92 By default, the padding content for the circuit ID sub-option depends on the padding format of Option 82. After you configure the padding content for the circuit ID sub-option using this command, ASCII is adopted as the code type. If a VLAN is specified, the configured circuit ID sub-option only takes effect within the VLAN. If no VLAN is specified, the configured circuit ID sub-option takes effect in all VLANs. The former case has a higher priority. The circuit ID sub-option specified for a VLAN will be padded for packets within the VLAN. Related commands: dhcp-snooping information format and display dhcp-snooping information. dhcp-snooping information [ vlan vlan-id ] circuit-id string circuit-id undo dhcp-snooping information [ vlan vlan-id ] circuit-id string Layer 2 Ethernet port view, Layer 2 aggregate interface view vlan vlan-id: Specifies a VLAN ID, ranging from 1 to circuit-id: Specifies the padding content for the user-defined circuit ID sub-option, a case-sensitive string of 3 to 63 characters. # Configure the padding content for the user-defined circuit ID sub-option as company001. [Sysname] interface GigabitEthernet 1/0/1 [Sysname-GigabitEthernet1/0/1] dhcp-snooping information circuit-id string company001 dhcp-snooping information enable Use the dhcp-snooping information enable command to configure DHCP snooping to support Option 82. Use the undo dhcp-snooping information enable command to disable this function. By default, DHCP snooping does not support Option 82. Related commands: display dhcp-snooping information. dhcp-snooping information enable undo dhcp-snooping information enable Layer 2 Ethernet port view, Layer 2 aggregate interface view 85

93 None # Configure DHCP snooping to support Option 82. [Sysname] interface GigabitEthernet1/0/1 [Sysname-GigabitEthernet1/0/1] dhcp-snooping information enable dhcp-snooping information format Use the dhcp-snooping information format command to specify the padding format for Option 82. Use the undo dhcp-snooping information format command to restore the default. By default, the padding format for Option 82 is normal. When you use the undo dhcp-snooping information format command, if the verbose node-identifier argument is not specified, the padding format will be restored to normal. If the verbose node-identifier argument is specified, the padding format will be restored to verbose with MAC address as the node identifier. Related commands: display dhcp-snooping information. dhcp-snooping information format { normal verbose [ node-identifier { mac sysname user-defined node-identifier } ] } undo dhcp-snooping information format Layer 2 Ethernet port view, Layer 2 aggregate interface view normal: Specifies the normal padding format. verbose: Specifies the verbose padding format. node-identifier { mac sysname user-defined node-identifier }: Specifies access node identifier. By default, the node MAC address is used as the node identifier. mac indicates using MAC address as the node identifier. sysname indicates using the device name of a node as the node identifier. user-defined node-identifier indicates using a specified character string as the node identifier, in which node-identifier is a string of 1 to 50 characters. 86

94 # Specify the padding format as verbose for Option 82. [Sysname] interface GigabitEthernet1/0/1 [Sysname-GigabitEthernet1/0/1] dhcp-snooping information enable [Sysname-GigabitEthernet1/0/1] dhcp-snooping information strategy replace [Sysname-GigabitEthernet1/0/1] dhcp-snooping information format verbose dhcp-snooping information remote-id format-type Use the dhcp-snooping information remote-id format-type command to configure the code type for the non-user-defined remote ID sub-option. Use the undo dhcp-snooping information remote-id format-type command to restore the default. By default, the code type for the remote ID sub-option is HEX. This command applies to configuring a non-user-defined remote ID sub-option only. After you configure the padding content for the remote ID sub-option using the dhcp-snooping information remote-id string command, ASCII is adopted as the code type. Related commands: display dhcp-snooping information. dhcp-snooping information remote-id format-type { ascii hex } undo dhcp-snooping information remote-id format-type Layer 2 Ethernet port view, Layer 2 aggregate interface view ascii: Specifies the code type for the remote ID sub-option as ascii. hex: Specifies the code type for the remote ID sub-option as hex. # Configure the code type for the non-user-defined remote ID sub-option as ascii. [Sysname] interface GigabitEthernet 1/0/1 [Sysname-GigabitEthernet1/0/1] dhcp-snooping information remote-id format-type ascii dhcp-snooping information remote-id string Use the dhcp-snooping information remote-id string command to configure the padding content for the user-defined remote ID sub-option. 87

95 Use the undo dhcp-snooping information remote-id string command to restore the default. By default, the padding content for the remote ID sub-option depends on the padding format of Option 82: After you configure the padding content for the remote ID sub-option using this command, ASCII is adopted as the code type. If a VLAN is specified, the configured remote ID sub-option only takes effect within the VLAN. If no VLAN is specified, the configured remote ID sub-option takes effect in all VLANs. The former case has a higher priority. The remote ID sub-option configured for a VLAN will be padded for the packets within the VLAN. If you want to specify the character string sysname (a case-insensitive character string) as the padding content for the remote ID sub-option, you need to use quotation marks to make it take effect. For example, if you want to specify Sysname as the padding content for the remote ID sub-option, you need to enter the dhcp relay information remote-id string Sysname command. Related commands: dhcp-snooping information format and display dhcp-snooping information. dhcp-snooping information [ vlan vlan-id ] remote-id string { remote-id sysname } undo dhcp-snooping information [ vlan vlan-id ] remote-id string Layer 2 Ethernet port view, Layer 2 aggregate interface view vlan vlan-id: Specifies a VLAN ID, ranging from 1 to remote-id: Specifies the padding content for the user-defined circuit ID sub-option, a case-sensitive string of 1 to 63 characters. sysname: Specifies the device name as the padding content for the remote ID sub-option. # Configure the padding content for the remote ID sub-option as device001. [Sysname] interface GigabitEthernet 1/0/1 [Sysname-GigabitEthernet1/0/1] dhcp-snooping information remote-id string device001 dhcp-snooping information strategy Use the dhcp-snooping information strategy command to configure the handling strategy for Option 82 in requesting messages. Use the undo dhcp-snooping information strategy command to restore the default. By default, the handling strategy for Option 82 in requesting messages is replace. Related commands: display dhcp-snooping information. 88

96 dhcp-snooping information strategy { drop keep replace } undo dhcp-snooping information strategy Layer 2 Ethernet port view, Layer 2 aggregate interface view drop: Drops the requesting message containing Option 82. keep: Forwards the requesting message containing Option 82 without changing Option 82. replace: Forwards the requesting message containing Option 82 after replacing the original Option 82 with the one padded in specified format. # Configure the handling strategy for Option 82 in requesting messages as keep. [Sysname] interface GigabitEthernet1/0/1 [Sysname-GigabitEthernet1/0/1] dhcp-snooping information enable [Sysname-GigabitEthernet1/0/1] dhcp-snooping information strategy keep dhcp-snooping trust Parameter Use the dhcp-snooping trust command to configure a port as a trusted port. Use the undo dhcp-snooping trust command to restore the default state of a port. All ports are untrusted by default. After enabling DHCP snooping, you need to specify the ports connected to the valid DHCP servers as trusted to ensure that DHCP clients can obtain valid IP addresses. Related commands: display dhcp-snooping trust. dhcp-snooping trust [ no-user-binding ] undo dhcp-snooping trust Layer 2 Ethernet port view, Layer 2 aggregate interface view no-user-binding: Specifies the port not to record the clients IP-to-MAC bindings in DHCP requests it receives. The command without this keyword records the IP-to-MAC bindings of clients. 89

97 # Specify GigabitEthernet 1/0/1 as a trusted port and enable it to record the IP-to-MAC bindings of clients. [Sysname] interface GigabitEthernet 1/0/1 [Sysname-GigabitEthernet1/0/1] dhcp-snooping trust display dhcp-snooping Use the display dhcp-snooping command to display DHCP snooping entries. Only the DHCP snooping entries containing IP-to-MAC bindings that are present both in the DHCP-ACK and DHCP-REQUEST messages are displayed by using the display dhcp-snooping command. Related commands: dhcp-snooping and reset dhcp-snooping. display dhcp-snooping [ ip ip-address ] [ { begin exclude include } regular-expression ] Any view 1: Monitor level ip ip-address: Displays the DHCP snooping entries corresponding to the specified IP address. : Filters command output by specifying a regular expression. For more information about regular expressions, see Fundamentals Configuration Guide. begin: Displays the first line that matches the specified regular expression and all lines that follow. exclude: Displays all lines that do not match the specified regular expression. include: Displays all lines that match the specified regular expression. regular-expression: Specifies a regular expression, a case-sensitive string of 1 to 256 characters. # Display all DHCP snooping entries. <Sysname> display dhcp-snooping DHCP Snooping is enabled. The client binding table for all untrusted ports. Type : D--Dynamic, S--Static, R--Recovering Type IP Address MAC Address Lease VLAN SVLAN Interface ==== =============== ============== ============ ==== ===== ================= D e0-fc GigabitEthernet1/0/ dhcp-snooping item(s) found

98 Table 16 Command output Field Type IP Address MAC Address Lease VLAN SVLAN Interface Entry type, which can be: D: Dynamic S: Static. Static DHCP snooping entries are not supported R: Specifies that the DHCP snooping entry is being restored through the DHCP snooping entry file, and the interface in the entry is invalid IP address assigned to the DHCP client MAC address of the DHCP client Lease period left (in seconds) Outer VLAN tag when DHCP snooping and QinQ are both enabled or the DHCP snooping device receives a packet with two VLAN tags; or VLAN where the port connecting the DHCP client resides Inner VLAN tag when DHCP snooping and QinQ are both enabled or the DHCP snooping device receives a packet with two VLAN tags; or N/A Port to which the DHCP client is connected display dhcp-snooping binding database Use the display dhcp-snooping binding database command to view DHCP snooping entry file information. display dhcp-snooping binding database [ { begin exclude include } regular-expression ] Any view 1: Monitor level : Filters command output by specifying a regular expression. For more information about regular expressions, see Fundamentals Configuration Guide. begin: Displays the first line that matches the specified regular expression and all lines that follow. exclude: Displays all lines that do not match the specified regular expression. include: Displays all lines that match the specified regular expression. regular-expression: Specifies a regular expression, a case-sensitive string of 1 to 256 characters. # Display the DHCP snooping entry file information. <Sysname> display dhcp-snooping binding database File name : flash:/database.dhcp 91

99 Update interval : 10 minutes Latest read time : Jul :38:22 Latest write time : Jul :38:24 Status : Last write succeeded. Table 17 Command output Field File name Update interval Latest read time Latest write time Status File name Interval at which the DHCP snooping entry file is refreshed The last time when the file is read The last time when the file is written Indicates whether the file was written successfully last time display dhcp-snooping information Use the display dhcp-snooping information command to display Option 82 configuration information on the DHCP snooping device. display dhcp-snooping information { all interface interface-type interface-number } [ { begin exclude include } regular-expression ] Any view 1: Monitor level all: Displays the Option 82 configuration information of all Layer 2 Ethernet ports. interface interface-type interface-number: Displays the Option 82 configuration information of a specified interface. : Filters command output by specifying a regular expression. For more information about regular expressions, see Fundamentals Configuration Guide. begin: Displays the first line that matches the specified regular expression and all lines that follow. exclude: Displays all lines that do not match the specified regular expression. include: Displays all lines that match the specified regular expression. regular-expression: Specifies a regular expression, a case-sensitive string of 1 to 256 characters. # Display the Option 82 configuration information of all interfaces. <Sysname> display dhcp-snooping information all Interface: GigabitEthernet 1/0/1 92

100 Status: Enable Strategy: Replace Format: Verbose Circuit ID format-type: HEX Remote ID format-type: ASCII Node identifier: aabbcc User defined: Circuit ID: company001 Interface: GigabitEthernet 1/0/2 Status: Disable Strategy: Keep Format: Normal Circuit ID format-type: HEX Remote ID format-type: ASCII User defined: Circuit ID: company001 Remote ID: device001 VLAN 10: VLAN 20: Circuit ID: Remote ID: device001 display dhcp-snooping packet statistics Use the display dhcp-snooping packet statistics command to display DHCP packet statistics on the DHCP snooping device. Related commands: reset dhcp-snooping packet statistics. display dhcp-snooping packet statistics [ slot slot-number ] [ { begin exclude include } regularexpression ] Any view 1: Monitor level slot slot-number: Displays the DHCP packet statistics of a specified IRF member switch. The slot-number argument specifies the ID of the IRF member switch. The value range for the argument depends on the number of member switches and their member IDs in the IRF fabric, which you can display with the display irf command. On a standalone device, the slot-number argument specifies the ID of the device. : Filters command output by specifying a regular expression. For more information about regular expressions, see Fundamentals Configuration Guide. begin: Displays the first line that matches the specified regular expression and all lines that follow. 93

101 exclude: Displays all lines that do not match the specified regular expression. include: Displays all lines that match the specified regular expression. regular-expression: Specifies a regular expression, a case-sensitive string of 1 to 256 characters # Display DHCP packet statistics on the DHCP snooping device. <Sysname> display dhcp-snooping packet statistics DHCP packets received : 100 DHCP packets sent : 200 Packets dropped due to rate limitation : 20 Dropped invalid packets : 0 display dhcp-snooping trust Use the display dhcp-snooping trust command to display information about trusted ports. Related commands: dhcp-snooping trust. display dhcp-snooping trust [ { begin exclude include } regular-expression ] Any view 1: Monitor level : Filters command output by specifying a regular expression. For more information about regular expressions, see Fundamentals Configuration Guide. begin: Displays the first line that matches the specified regular expression and all lines that follow. exclude: Displays all lines that do not match the specified regular expression. include: Displays all lines that match the specified regular expression. regular-expression: Specifies a regular expression, a case-sensitive string of 1 to 256 characters. # Display information about trusted ports. <Sysname> display dhcp-snooping trust DHCP Snooping is enabled. DHCP Snooping trust becomes active. Interface Trusted ========================= ============ GigabitEthernet1/0/1 Trusted The above output shows that DHCP snooping is enabled, DHCP snooping trust is active, and port GigabitEthernet 1/0/1 is trusted. 94

102 reset dhcp-snooping Use the reset dhcp-snooping command to clear DHCP snooping entries. Related commands: display dhcp-snooping. reset dhcp-snooping { all ip ip-address } User view all: Clears all DHCP snooping entries. ip ip-address: Clears the DHCP snooping entries of the specified IP address. # Clear all DHCP snooping entries. <Sysname> reset dhcp-snooping all reset dhcp-snooping packet statistics Parameter Use the reset dhcp-snooping packet statistics command to clear DHCP packet statistics on the DHCP snooping device. Related commands: display dhcp-snooping packet statistics. reset dhcp-snooping packet statistics [ slot slot-number ] User view 1: Monitor level slot slot-number: Clears the DHCP packet statistics on a specified IRF member switch. The slot-number argument specifies the ID of the IRF member switch. The value range for the argument depends on the number of member switches and their member IDs in the IRF fabric, which you can display with the display irf command. On a standalone device, the slot-number argument specifies the ID of the device. # Clear DHCP packet statistics on the DHCP snooping device. <Sysname> reset dhcp-snooping packet statistics 95

103 BOOTP client configuration commands BOOTP client configuration can only be used on Layer 3 Ethernet ports and VLAN interfaces. If several VLAN interfaces sharing the same MAC address obtain IP addresses through a BOOTP relay agent, the BOOTP server cannot be a Windows Server 2000 or Windows Server display bootp client Use the display bootp client command to display related information about a BOOTP client. If interface interface-type interface-number is not specified, the command will display information about BOOTP clients on all interfaces. If interface interface-type interface-number is specified, the command will display information about the BOOTP client on the specified interface. display bootp client [ interface interface-type interface-number ] [ { begin exclude include } regularexpression ] Any view 1: Monitor level interface interface-type interface-number: Displays the BOOTP client information of the interface. : Filters command output by specifying a regular expression. For more information about regular expressions, see Fundamentals Configuration Guide. begin: Displays the first line that matches the specified regular expression and all lines that follow. exclude: Displays all lines that do not match the specified regular expression. include: Displays all lines that match the specified regular expression. regular-expression: Specifies a regular expression, a case-sensitive string of 1 to 256 characters. # Display related information of the BOOTP client on VLAN-interface 1. <Sysname> display bootp client interface vlan-interface 1 Vlan-interface1 BOOTP client information: Allocated IP: Transaction ID = 0x3d8a7431 Mac Address 00e0-fc0a-c3ef 96

104 Table 18 Command output Field Vlan-interface1 BOOTP client information Allocated IP Transaction ID Mac Address Information of the interface serving as a BOOTP client. IP address assigned to the BOOTP client. Value of the XID field in a BOOTP message, which is a random number chosen when the BOOTP client sends a BOOTP request to the BOOTP server. It is used to match a response message from the BOOTP server. If the values of the XID field are different in the BOOTP response and request, the BOOTP client will drop the BOOTP response. MAC address of a BOOTP client. ip address bootp-alloc Use the ip address bootp-alloc command to enable an interface to obtain an IP address through BOOTP. Use the undo ip address bootp-alloc command to disable the interface from obtaining an IP address through BOOTP. By default, an interface does not obtain an IP address through BOOTP. Related commands: display bootp client. ip address bootp-alloc undo ip address bootp-alloc Interface view None # Configure VLAN-interface 1 to obtain IP address through the BOOTP protocol. [Sysname] interface vlan-interface 1 [Sysname-Vlan-interface1] ip address bootp-alloc 97

105 IPv4 DNS configuration commands The term interface in this document refers to Layer 3 interfaces, including VLAN interfaces and routemode (or Layer 3) Ethernet ports. You can set an Ethernet port to operate in route mode by using the port link-mode route command (see Layer 2 LAN Switching Configuration Guide). display dns domain Use the display dns domain command to view domain name suffixes. Related commands: dns domain. display dns domain [ dynamic ] [ { begin exclude include } regular-expression ] Any view 1: Monitor level dynamic: Displays the domain name suffixes dynamically obtained through DHCP or other protocols. : Filters command output by specifying a regular expression. For more information about regular expressions, see Fundamentals Configuration Guide. begin: Displays the first line that matches the specified regular expression and all lines that follow. exclude: Displays all lines that do not match the specified regular expression. include: Displays all lines that match the specified regular expression. regular-expression: Specifies a regular expression, a case-sensitive string of 1 to 256 characters. # Display domain name suffixes. <Sysname> display dns domain Type: D:Dynamic S:Static No. Type Domain-name 1 S com Table 19 Command output Field No Sequence number 98

106 Field Type Domain-name Type of domain name suffix: S represents a statically configured domain name suffix, and D represents a domain name suffix obtained dynamically through DHCP Domain name suffix display dns host Use the display dns host command to view dynamic DNS cache information. Without any keyword specified, the dynamic DNS cache information of all query types will be displayed. Related commands: reset dns host. display dns host [ ip ipv6 naptr srv ] [ { begin exclude include } regular-expression ] Any view 1: Monitor level ip: Displays the dynamic cache information of type A queries. A type A query resolves a domain name to the mapped IPv4 address. ipv6: Displays the dynamic cache information of type AAAA queries. A type AAAA query resolves a domain name to the mapped IPv6 address. naptr: Displays the dynamic cache information of NAPTR queries. A NAPTR query offers the replacement rule of a character string to convert the character string to a domain name. srv: Displays the dynamic cache information of SRV queries. An SRV query offers the domain name of a certain service site. : Filters command output by specifying a regular expression. For more information about regular expressions, see Fundamentals Configuration Guide. begin: Displays the first line that matches the specified regular expression and all lines that follow. exclude: Displays all lines that do not match the specified regular expression. include: Displays all lines that match the specified regular expression. regular-expression: Specifies a regular expression, a case-sensitive string of 1 to 256 characters. # Display the dynamic DNS cache information of all query types. <Sysname> display dns host No. Host TTL Type Reply Data 1 sample.com 3132 IP sample.net 2925 IPv6 FE80::4904:

107 3 sip.sample.com 3122 NAPTR u sip+e2u!^.*$!sip:info.se!i 4 website.tcp.sample.com 3029 SRV iis.sample.com Table 20 Command output Field No Host TTL Type Reply Data Sequence number Domain name for query Time that a mapping can be stored in the cache (in seconds) Query type, including IP, IPv6, NAPTR, and SRV Reply data concerning the query type: For an IP query, the reply data is an IPv4 address For an IPv6 query, the reply data is an IPv6 address For a NAPTR query, the reply data comprises order, preference, flags, services, regular expression, and replacement For an SRV query, the reply data comprises the priority, weight, port, and target domain name display dns server Use the display dns server command to view IPv4 DNS server information. Related commands: dns server. display dns server [ dynamic ] [ { begin exclude include } regular-expression ] Any view 1: Monitor level dynamic: Displays the DNS server information dynamically obtained through DHCP or other protocols : Filters command output by specifying a regular expression. For more information about regular expressions, see Fundamentals Configuration Guide. begin: Displays the first line that matches the specified regular expression and all lines that follow. exclude: Displays all lines that do not match the specified regular expression. include: Displays all lines that match the specified regular expression. regular-expression: Specifies a regular expression, a case-sensitive string of 1 to 256 characters. # Display the IPv4 DNS server information. <Sysname> display dns server 100

108 Type: D:Dynamic S:Static DNS Server Type IP Address 1 S Table 21 Command output Field DNS Server Type IP Address Sequence number of the DNS server, configured automatically by the device, starting from 1 Type of domain name server: S represents a statically configured DNS server, and D represents a DNS server obtained dynamically through DHCP IPv4 address of the DNS server display ip host Use the display ip host command to view the host names and corresponding IPv4 addresses in the static domain name resolution table. display ip host [ { begin exclude include } regular-expression ] Any view 1: Monitor level : Filters command output by specifying a regular expression. For more information about regular expressions, see Fundamentals Configuration Guide. begin: Displays the first line that matches the specified regular expression and all lines that follow. exclude: Displays all lines that do not match the specified regular expression. include: Displays all lines that match the specified regular expression. regular-expression: Specifies a regular expression, a case-sensitive string of 1 to 256 characters. # Display the host names and corresponding IPv4 addresses in the static domain name resolution table. <Sysname> display ip host Host Age Flags Address My 0 static Aa 0 static

109 Table 22 Command output Field Host Age Flags Address Host name Time to live. 0 means that the static mapping will never age out You can only manually remove the static mappings between host names and IPv4 addresses Mapping type Static represents static IPv4 domain name resolution Host IPv4 address dns domain Parameter Use the dns domain command to configure a domain name suffix. The system can automatically add the suffix to part of the domain name you entered for resolution. Use the undo dns domain command to delete a domain name suffix (with a domain name suffix specified) or all domain name suffixes (with no domain name suffix specified). No domain name suffix is configured by default. Only the provided domain name is resolved. The domain name suffix configured with the dns domain command is applicable to both IPv4 DNS and IPv6 DNS. You can configure a maximum of 10 domain name suffixes. Related commands: display dns domain. dns domain domain-name undo dns domain [ domain-name ] System view domain-name: Specifies the domain name suffix, consisting of character strings separated by a dot (for example, aabbcc.com). Each separated string contains no more than 63 characters. A domain name suffix may include case-insensitive letters, digits, hyphens (-), underscores (_), and dots (.), with a total length of 238 characters. # Configure com as a DNS suffix. [Sysname] dns domain com 102

110 dns resolve Use the dns resolve command to enable dynamic domain name resolution. Use the undo dns resolve command to disable dynamic domain name resolution. Dynamic domain name resolution is disabled by default. This command is applicable to both IPv4 DNS and IPv6 DNS. dns resolve undo dns resolve System view None # Enable dynamic domain name resolution. dns server [Sysname] dns resolve Use the dns server command to specify a DNS server. Use the undo dns server to remove DNS servers. No DNS server is specified by default. You can configure up to six DNS servers, including those with IPv6 addresses, in system view, and up to six DNS servers on all interfaces of a device. A DNS server configured in system view has a higher priority than one configured in interface view. A DNS server configured earlier has a higher priority than one configured later in the same view. A DNS server manually configured has a higher priority than one dynamically obtained through DHCP. Running the undo dns server command in system view will delete all DNS servers configured in system view and interface view. Running the undo dns server ip-address command in system view or interface view will delete the specific DNS server in system view or interface view. Related commands: display dns server. In system view: 103

111 dns server ip-address undo dns server [ ip-address ] In interface view: dns server ip-address undo dns server ip-address Parameter ip host System view, interface view ip-address: Specifies the IPv4 address of the DNS server. # Specify the DNS server in system view. [Sysname] dns server Use the ip host command to create a host name to IPv4 address mapping in the static resolution table. Use the undo ip host command to remove a mapping. No mappings are created by default. Each host name can correspond to only one IPv4 address. The IPv4 address you last assign to the host name will overwrite the previous one if there is any. Related commands: display ip host. ip host hostname ip-address undo ip host hostname [ ip-address ] System view hostname: Specifies the host name, consisting of 1 to 255 characters, including case-insensitive letters, numbers, hyphens (-), underscores (_), or dots (.). The host name must include at least one letter. ip-address: Specifies the IPv4 address of the specified host in dotted decimal notation. 104

112 # Map the IP address to the host name aaa. [Sysname] ip host aaa reset dns host Use the reset dns host command to clear information of the dynamic DNS cache. Without any keyword specified, this command clears the dynamic DNS cache information of all query types. Related commands: display dns host. reset dns host [ ip ipv6 naptr srv ] User view ip: Clears the dynamic cache information of type A queries. A type A query resolves a domain name to the mapped IPv4 address. ipv6: Clears the dynamic cache information of type AAAA queries. A type AAAA query resolves a domain name to the mapped IPv6 address. naptr: Clears the dynamic cache information of NAPTR queries. A NAPTR query offers the replacement rule of a character string to convert the character string to a domain name. srv: Clears the dynamic cache information of SRV queries. An SRV query offers the domain name of a certain service site. # Clear the dynamic DNS cache information of all query types. <Sysname> reset dns host 105

113 IP performance optimization configuration commands display fib s The term interface in this document refers to Layer 3 interfaces, including VLAN interfaces and routemode (or Layer 3) Ethernet ports. You can set an Ethernet port to operate in route mode by using the port link-mode route command (see Layer 2 LAN Switching Configuration Guide). Use the display fib command to display FIB entries. If no parameters are specified, all FIB entries will be displayed. display fib [ acl acl-number ip-prefix ip-prefix-name ] [ { begin exclude include } regularexpression ] Any view 1: Monitor level acl acl-number: Displays FIB entries matching a specified ACL numbered from 2000 to If the specified ACL does not exist, all FIB entries are displayed. ip-prefix ip-prefix-name: Displays FIB entries matching a specified IP prefix list, a string of 1 to 19 characters. If the specified IP prefix list does not exist, all FIB entries are displayed. : Filters command output by specifying a regular expression. For more information about regular expressions, see Fundamentals Configuration Guide. begin: Displays the first line that matches the specified regular expression and all lines that follow. exclude: Displays all lines that do not match the specified regular expression. include: Displays all lines that match the specified regular expression. regular-expression: Specifies a regular expression, a case-sensitive string of 1 to 256 characters. # Display all FIB entries. <Sysname> display fib Destination count: 4 FIB entry count: 4 Flag: U:Useable G:Gateway H:Host B:Blackhole D:Dynamic S:Static 106

114 R:Relay Destination/Mask Nexthop Flag OutInterface InnerLabel Token / U Vlan1 Null Invalid / UH InLoop0 Null Invalid / U InLoop0 Null Invalid / UH InLoop0 Null Invalid # Display FIB information matching ACL [Sysname] acl number 2000 [Sysname-acl-basic-2000] rule permit source [Sysname-acl-basic-2000] display fib acl 2000 Destination count: 2 FIB entry count: 2 Flag: U:Useable G:Gateway H:Host B:Blackhole D:Dynamic S:Static R:Relay Destination/Mask Nexthop Flag OutInterface InnerLabel Token / U Vlan1 Null Invalid / UH InLoop0 Null Invalid # Display all entries that contain the string 127 and start from the first one. <Sysname> display fib begin 127 Flag: U:Useable G:Gateway H:Host B:Blackhole D:Dynamic S:Static R:Relay Destination/Mask Nexthop Flag OutInterface InnerLabel Token / UH InLoop0 Null Invalid / U InLoop0 Null Invalid / UH InLoop0 Null Invalid # Display FIB information passing the IP prefix list abc0. [Sysname] ip ip-prefix abc0 permit [Sysname] display fib ip-prefix abc0 Destination count: 1 FIB entry count: 1 Flag: U:Useable G:Gateway H:Host B:Blackhole D:Dynamic S:Static R:Relay Destination/Mask Nexthop Flag OutInterface InnerLabel Token / U Vlan1 Null Invalid 107

115 Table 23 Command output Field Destination count FIB entry count Destination/Mask Nexthop Flag OutInterface InnerLabel Token Total number of destination addresses Total number of FIB entries Destination address/length of mask Next hop address Flags of routes: U Usable route G Gateway route H Host route B Blackhole route D Dynamic route S Static route R Relay route Outbound interface Inner label Link-state packet (LSP) index number display fib ip-address Use the display fib ip-address command to display FIB entries that match the specified destination IP address. If no mask or mask length is specified, the FIB entry that matches the destination IP address and has the longest mask will be displayed. If the mask is specified, the FIB entry that exactly matches the specified destination IP address will be displayed. display fib ip-address [ mask mask-length ] [ { begin exclude include } regular-expression ] Any view 1: Monitor level ip-address: Destination IP address, in dotted decimal notation. mask: IP address mask. mask-length: Length of IP address mask. : Filters command output by specifying a regular expression. For more information about regular expressions, see Fundamentals Configuration Guide. 108

116 begin: Displays the first line that matches the specified regular expression and all lines that follow. exclude: Displays all lines that do not match the specified regular expression. include: Displays all lines that match the specified regular expression. regular-expression: Specifies a regular expression, a case-sensitive string of 1 to 256 characters. # Display the FIB entries that match the destination IP address of <Sysname> display fib Destination count: 1 FIB entry count: 1 Flag: U:Useable G:Gateway H:Host B:Blackhole D:Dynamic S:Static R:Relay Destination/Mask Nexthop Flag OutInterface InnerLabel Token / UH InLoop0 Null Invalid For description about the output, see Table 23. display icmp statistics Use the display icmp statistics command to display ICMP statistics. Related commands: display ip interface and reset ip statistics. display icmp statistics [ slot slot-number ] [ { begin exclude include } regular-expression ] Any view 1: Monitor level slot slot-number: Displays the ICMP statistics on a specified IRF member switch. The slot-number argument specifies the ID of an IRF member switch. The value range for the argument depends on the number of member switches and their member IDs in the IRF fabric, which you can display with the display irf command. On a standalone device, the slot-number argument specifies the ID of the device. : Filters command output by specifying a regular expression. For more information about regular expressions, see Fundamentals Configuration Guide. begin: Displays the first line that matches the specified regular expression and all lines that follow. exclude: Displays all lines that do not match the specified regular expression. include: Displays all lines that match the specified regular expression. regular-expression: Specifies a regular expression, a case-sensitive string of 1 to 256 characters. 109

117 # Display ICMP statistics. <Sysname> display icmp statistics Input: bad formats 0 bad checksum 0 echo 5 destination unreachable 0 source quench 0 redirects 0 echo reply 10 parameter problem 0 timestamp 0 information request 0 mask requests 0 mask replies 0 time exceeded 0 Output:echo 10 destination unreachable 0 source quench 0 redirects 0 echo reply 5 parameter problem 0 timestamp 0 information reply 0 mask requests 0 mask replies 0 time exceeded 0 Table 24 Command output Field bad formats bad checksum echo destination unreachable source quench redirects echo reply parameter problem timestamp information request mask requests mask replies information reply time exceeded Number of input wrong format packets Number of input wrong checksum packets Number of input/output echo packets Number of input/output destination unreachable packets Number of input/output source quench packets Number of input/output redirection packets Number of input/output replies Number of input/output parameter problem packets Number of input/output time stamp packets Number of input information request packets Number of input/output mask requests Number of input/output mask replies Number of output information reply packets Number of input/output expiration packets display ip socket Use the display ip socket command to display socket information. display ip socket [ socktype sock-type ] [ task-id socket-id ] [ slot slot-number ] [ { begin exclude include } regular-expression ] 110

118 Any view 1: Monitor level socktype sock-type: Displays the socket information of this type. The sock type ranges from 1 to 3, corresponding to TCP, UDP, and raw IP, respectively. task-id: Displays the socket information of this task. Task ID ranges from 1 to 180. socket-id: Displays the information of the socket. Socket ID ranges from 0 to slot slot-number: Displays the socket information on a specified IRF member switch. The slot-number argument specifies the ID of an IRF member switch. The value range for the argument depends on the number of member switches and their member IDs in the IRF fabric, which you can display with the display irf command. On a standalone device, the slot-number argument specifies the ID of the device. : Filters command output by specifying a regular expression. For more information about regular expressions, see Fundamentals Configuration Guide. begin: Displays the first line that matches the specified regular expression and all lines that follow. exclude: Displays all lines that do not match the specified regular expression. include: Displays all lines that match the specified regular expression. regular-expression: Specifies a regular expression, a case-sensitive string of 1 to 256 characters. # Display the TCP socket information. <Sysname> display ip socket SOCK_STREAM: Task = VTYD(38), socketid = 1, Proto = 6, LA = :23, FA = :0, sndbuf = 8192, rcvbuf = 8192, sb_cc = 0, rb_cc = 0, socket option = SO_ACCEPTCONN SO_KEEPALIVE SO_REUSEPORT SO_SENDVPNID(0) SO_SETKEEPALIVE, socket state = SS_PRIV SS_ASYNC Task = HTTP(36), socketid = 1, Proto = 6, LA = :80, FA = :0, sndbuf = 8192, rcvbuf = 8192, sb_cc = 0, rb_cc = 0, socket option = SO_ACCEPTCONN SO_REUSEPORT, socket state = SS_PRIV SS_NBIO Task = ROUT(69), socketid = 10, Proto = 6, LA = :179, FA = :0, sndbuf = 8192, rcvbuf = 8192, sb_cc = 0, rb_cc = 0, socket option = SO_ACCEPTCONN SO_REUSEADDR SO_REUSEPORT SO_SENDVPNID(0), socket state = SS_PRIV SS_ASYNC Task = VTYD(38), socketid = 4, Proto = 6, 111

119 LA = :23, FA = :1917, sndbuf = 8192, rcvbuf = 8192, sb_cc = 237, rb_cc = 0, socket option = SO_KEEPALIVE SO_OOBINLINE SO_REUSEPORT SO_SENDVPNID(0) SO_SETKEEPALIVE, socket state = SS_ISCONNECTED SS_PRIV SS_ASYNC Task = VTYD(38), socketid = 3, Proto = 6, LA = :23, FA = :1503, sndbuf = 8192, rcvbuf = 8192, sb_cc = 0, rb_cc = 0, socket option = SO_KEEPALIVE SO_OOBINLINE SO_REUSEPORT SO_SENDVPNID(0) SO_SETKEEPALIVE, socket state = SS_ISCONNECTED SS_PRIV SS_ASYNC Task = ROUT(69), socketid = 11, Proto = 6, LA = :1025, FA = :179, sndbuf = 8192, rcvbuf = 8192, sb_cc = 0, rb_cc = 0, socket option = SO_REUSEADDR SO_LINGER SO_SENDVPNID(0), socket state = SS_ISCONNECTED SS_PRIV SS_ASYNC SOCK_DGRAM: Task = NTPT(37), socketid = 1, Proto = 17, LA = :123, FA = :0, sndbuf = 9216, rcvbuf = 41600, sb_cc = 0, rb_cc = 0, socket option = SO_UDPCHECKSUM SO_SENDVPNID(0), socket state = SS_PRIV Task = AGNT(51), socketid = 1, Proto = 17, LA = :161, FA = :0, sndbuf = 9216, rcvbuf = 41600, sb_cc = 0, rb_cc = 0, socket option = SO_UDPCHECKSUM SO_SENDVPNID(0), socket state = SS_PRIV SS_NBIO SS_ASYNC Task = RDSO(56), socketid = 1, Proto = 17, LA = :1024, FA = :0, sndbuf = 9216, rcvbuf = 41600, sb_cc = 0, rb_cc = 0, socket option = SO_UDPCHECKSUM, socket state = SS_PRIV Task = TRAP(52), socketid = 1, Proto = 17, LA = :1025, FA = :0, sndbuf = 9216, rcvbuf = 0, sb_cc = 0, rb_cc = 0, socket option = SO_UDPCHECKSUM, socket state = SS_PRIV Task = RDSO(56), socketid = 2, Proto = 17, LA = :1812, FA = :0, sndbuf = 9216, rcvbuf = 41600, sb_cc = 0, rb_cc = 0, socket option = SO_UDPCHECKSUM, socket state = SS_PRIV 112

120 SOCK_RAW: Task = ROUT(69), socketid = 8, Proto = 89, LA = , FA = , sndbuf = , rcvbuf = , sb_cc = 0, rb_cc = 0, socket option = SO_SENDVPNID(0) SO_RCVVPNID(0), socket state = SS_PRIV SS_ASYNC Task = ROUT(69), socketid = 3, Proto = 2, LA = , FA = , sndbuf = 32767, rcvbuf = , sb_cc = 0, rb_cc = 0, socket option = SO_SENDVPNID(0) SO_RCVVPNID(0), socket state = SS_PRIV SS_NBIO SS_ASYNC Task = ROUT(69), socketid = 2, Proto = 103, LA = , FA = , sndbuf = 65536, rcvbuf = , sb_cc = 0, rb_cc = 0, socket option = SO_SENDVPNID(0) SO_RCVVPNID(0), socket state = SS_PRIV SS_NBIO SS_ASYNC Task = ROUT(69), socketid = 1, Proto = 65, LA = , FA = , sndbuf = 32767, rcvbuf = , sb_cc = 0, rb_cc = 0, socket option = 0, socket state = SS_PRIV SS_NBIO SS_ASYNC Task = RSVP(73), socketid = 1, Proto = 46, LA = , FA = , sndbuf = , rcvbuf = , sb_cc = 0, rb_cc = 0, socket option = 0, socket state = SS_PRIV SS_NBIO SS_ASYNC Table 25 Command output Field SOCK_STREAM SOCK_DGRAM SOCK_RAW Task socketid Proto LA FA sndbuf rcvbuf TCP socket UDP socket Raw IP socket Task number Socket ID Protocol number of the socket, indicating the protocol type that IP carries Local address and local port number Remote address and remote port number Sending buffer size of the socket, in bytes Receiving buffer size of the socket, in bytes 113

121 Field sb_cc rb_cc socket option socket state Current data size in the sending buffer (available only for a TCP that can buffer data) Data size currently in the receiving buffer Socket option Socket state display ip statistics Use the display ip statistics command to display statistics of IP packets. Related commands: display ip interface and reset ip statistics. display ip statistics [ slot slot-number ] [ { begin exclude include } regular-expression ] Any view 1: Monitor level slot slot-number: Displays the IP packet statistics on a specified IRF member switch. The slot-number argument specifies the ID of an IRF member switch. The value range for the argument depends on the number of member switches and their member IDs in the IRF fabric, which you can display with the display irf command. On a standalone device, the slot-number argument specifies the ID of the device. : Filters command output by specifying a regular expression. For more information about regular expressions, see Fundamentals Configuration Guide. begin: Displays the first line that matches the specified regular expression and all lines that follow. exclude: Displays all lines that do not match the specified regular expression. include: Displays all lines that match the specified regular expression. regular-expression: Specifies a regular expression, a case-sensitive string of 1 to 256 characters. # Display statistics of IP packets. <Sysname> display ip statistics Input: sum 7120 local 112 bad protocol 0 bad format 0 bad checksum 0 bad options 0 Output: forwarding 0 local 27 dropped 0 no route 2 compress fails 0 Fragment:input 0 output 0 114

122 dropped 0 fragmented 0 couldn't fragment 0 Reassembling:sum 0 timeouts 0 Table 26 Command output Field Input: Output: Fragment: Reassembling sum local bad protocol bad format bad checksum bad options forwarding local dropped no route compress fails input output dropped fragmented couldn't fragment sum timeouts Total number of packets received Total number of packets with destination being local Total number of unknown protocol packets Total number of packets with incorrect format Total number of packets with incorrect checksum Total number of packets with incorrect option Total number of packets forwarded Total number of packets sent from the local Total number of packets discarded Total number of packets for which no route is available Total number of packets failed to be compressed Total number of fragments received Total number of fragments sent Total number of fragments dropped Total number of packets successfully fragmented Total number of packets that failed to be fragmented Total number of packets reassembled Total number of reassembly timeout fragments display tcp statistics Use the display tcp statistics command to display statistics of TCP traffic. Related commands: display tcp status and reset tcp statistics. display tcp statistics [ { begin exclude include } regular-expression ] Any view 1: Monitor level 115

123 : Filters command output by specifying a regular expression. For more information about regular expressions, see Fundamentals Configuration Guide. begin: Displays the first line that matches the specified regular expression and all lines that follow. exclude: Displays all lines that do not match the specified regular expression. include: Displays all lines that match the specified regular expression. regular-expression: Specifies a regular expression, a case-sensitive string of 1 to 256 characters. # Display statistics of TCP traffic. <Sysname> display tcp statistics Received packets: Total: 8457 packets in sequence: 3660 (5272 bytes) window probe packets: 0, window update packets: 0 checksum error: 0, offset error: 0, short error: 0 duplicate packets: 1 (8 bytes), partially duplicate packets: 0 (0 bytes) out-of-order packets: 17 (0 bytes) packets of data after window: 0 (0 bytes) packets received after close: 0 ACK packets: 4625 ( bytes) duplicate ACK packets: 1702, too much ACK packets: 0 Sent packets: Total: 6726 urgent packets: 0 control packets: 21 (including 0 RST) window probe packets: 0, window update packets: 0 data packets: 6484 ( bytes) data packets retransmitted: 0 (0 bytes) ACK-only packets: 221 (177 delayed) Retransmitted timeout: 0, connections dropped in retransmitted timeout: 0 Keepalive timeout: 1682, keepalive probe: 1682, Keepalive timeout, so connections disconnected : 0 Initiated connections: 0, accepted connections: 22, established connections: 22 Closed connections: 49 (dropped: 0, initiated dropped: 0) Packets dropped with MD5 authentication: 0 Packets permitted with MD5 authentication: 0 Table 27 Command output Field Received Total Total number of packets received 116

124 Field packets: Sent packets: packets in sequence window probe packets window update packets checksum error offset error short error duplicate packets partially duplicate packets out-of-order packets packets of data after window packets received after close ACK packets duplicate ACK packets too much ACK packets Total urgent packets control packets window probe packets window update packets data packets data packets retransmitted ACK-only packets Number of packets arriving in sequence Number of window probe packets received Number of window update packets received Number of checksum error packets received Number of offset error packets received Number of received packets with length being too small Number of completely duplicate packets received Number of partially duplicate packets received Number of out-of-order packets received Number of packets outside the receiving window Number of packets that arrived after connection is closed Number of ACK packets received Number of duplicate ACK packets received Number of ACK packets for data unsent Total number of packets sent Number of urgent packets sent Number of control packets sent Number of window probe packets sent; in the brackets are resent packets Number of window update packets sent Number of data packets sent Number of data packets retransmitted Number of ACK packets sent; in brackets are delayed ACK packets Retransmitted timeout connections dropped in retransmitted timeout Keepalive timeout keepalive probe Keepalive timeout, so connections disconnected Initiated connections accepted connections established connections Number of retransmission timer timeouts Number of connections broken due to retransmission timeouts Number of keepalive timer timeouts Number of keepalive probe packets sent Number of connections broken due to timeout of the keepalive timer Number of connections initiated Number of connections accepted Number of connections established 117

125 Field Closed connections Packets dropped with MD5 authentication Packets permitted with MD5 authentication Number of connections closed; in brackets are connections closed accidentally (before receiving SYN from the peer) and connections closed initiatively (after receiving SYN from the peer) Number of packets dropped by MD5 authentication Number of packets permitted by MD5 authentication display udp statistics Use the display udp statistics command to display statistics of UDP packets. Related commands: reset udp statistics. display udp statistics [ { begin exclude include } regular-expression ] Any view 1: Monitor level : Filters command output by specifying a regular expression. For more information about regular expressions, see Fundamentals Configuration Guide. begin: Displays the first line that matches the specified regular expression and all lines that follow. exclude: Displays all lines that do not match the specified regular expression. include: Displays all lines that match the specified regular expression. regular-expression: Specifies a regular expression, a case-sensitive string of 1 to 256 characters. # Display statistics of UDP packets. <Sysname> display udp statistics Received packets: Total: 0 checksum error: 0 shorter than header: 0, data length larger than packet: 0 unicast(no socket on port): 0 broadcast/multicast(no socket on port): 0 not delivered, input socket full: 0 input packets missing pcb cache: 0 Sent packets: 118

126 Total: 0 Table 28 Command output Field Received packets: Total checksum error shorter than header data length larger than packet unicast(no socket on port) broadcast/multicast(no socket on port) not delivered, input socket full input packets missing pcb cache Total number of UDP packets received Total number of packets with incorrect checksum Number of packets with data shorter than head Number of packets with data longer than packet Number of unicast packets with no socket on port Number of broadcast/multicast packets without socket on port Number of packets not delivered to an upper layer due to a full socket cache Number of packets without matching protocol control block (PCB) cache Sent packets: Total Total number of UDP packets sent ip forward-broadcast (interface view) Parameter Use the ip forward-broadcast command to enable the interface to forward directed broadcasts to a directly connected network. Use the undo ip forward-broadcast command to disable the interface from forwarding directed broadcasts to a directly connected network. By default, an interface is disabled from forwarding directed broadcasts to a directly connected network. ip forward-broadcast [ acl acl-number ] undo ip forward-broadcast Interface view acl acl-number: Specifies the ACL number, ranging from 2000 to Numbers between 2000 and 2999 are for basic ACLs, and between 3000 and 3999 are for advanced ACLs. Only directed broadcasts permitted by the ACL can be forwarded. 119

127 # Enable VLAN-interface 2 to forward the directed broadcasts to a directly-connected network matching ACL [Sysname] interface vlan-interface 2 [Sysname-Vlan-interface2] ip forward-broadcast acl 2001 ip forward-broadcast (system view) Use the ip forward-broadcast command to enable the switch to receive directed broadcasts. Use the undo ip forward-broadcast command to disable the switch from receiving directed broadcasts. By default, the switch is disabled from receiving directed broadcast. ip forward-broadcast undo ip forward-broadcast System view None # Enable the switch to receive directed broadcasts. [Sysname] ip forward-broadcast ip redirects enable Use the ip redirects enable command to enable sending of ICMP redirection packets. Use the undo ip redirects command to disable sending of ICMP redirection packets. This feature is disabled by default. ip redirects enable undo ip redirects System view 120

128 None # Enable sending of ICMP redirect packets. [Sysname] ip redirects enable ip ttl-expires enable Use the ip ttl-expires enable command to enable sending of ICMP timeout packets. Use the undo ip ttl-expires command to disable sending of ICMP timeout packets. Sending ICMP timeout packets is disabled by default. If the feature is disabled, the device will not send TTL timeout ICMP packets, but still send reassembly timeout ICMP packets. ip ttl-expires enable undo ip ttl-expires System view None # Enable sending of ICMP timeout packets. [Sysname] ip ttl-expires enable ip unreachables enable Use the ip unreachables enable command to enable sending of ICMP destination unreachable packets. Use the undo ip unreachables command to disable sending of ICMP destination unreachable packets. Sending ICMP destination unreachable packets is disabled by default. 121

129 ip unreachables enable undo ip unreachables System view None # Enable sending of ICMP destination unreachable packets. [Sysname] ip unreachables enable reset ip statistics Parameter Use the reset ip statistics command to clear statistics of IP packets. Related commands: display ip statistics and display ip interface. reset ip statistics [ slot slot-number ] User view 1: Monitor level slot slot-number: Clears the IP packet statistics on a specified IRF member switch. The slot-number argument specifies the ID of an IRF member switch. The value range for the argument depends on the number of member switches and their member IDs in the IRF fabric, which you can display with the display irf command. On a standalone device, the slot-number argument specifies the ID of the device. # Clear statistics of IP packets. <Sysname> reset ip statistics reset tcp statistics Use the reset tcp statistics command to clear statistics of TCP traffic. 122

130 Related commands: display tcp statistics. reset tcp statistics User view 1: Monitor level None # Display statistics of TCP traffic. <Sysname> reset tcp statistics reset udp statistics Use the reset udp statistics command to clear statistics of UDP traffic. reset udp statistics User view 1: Monitor level None # Display statistics of UDP traffic. <Sysname> reset udp statistics tcp path-mtu-discovery Use the tcp path-mtu-discovery command to enable TCP path MTU discovery. Use the undo tcp path-mtu-discovery command to disable TCP path MTU discovery, and disable all running path MTU timers. New TCP connections do not perform TCP path MTU discovery, but existing TCP connections can still use TCP path MTU discovery. By default, TCP path MTU discovery is disabled. 123

131 tcp path-mtu-discovery [ aging minutes no-aging ] undo tcp path-mtu-discovery System view aging minutes: Specifies the aging time of the path MTU, ranging from 10 to 30 minutes. The default aging time is 10 minutes. no-aging: Indicates not to age out the path MTU. # Enable TCP path MTU discovery and set the path MTU age timer to 20 minutes. [Sysname] tcp path-mtu-discovery aging 20 tcp timer fin-timeout Parameter Use the tcp timer fin-timeout command to configure the length of the TCP finwait timer. Use the undo tcp timer fin-timeout command to restore the default. By default, the length of the TCP finwait timer is 675 seconds. The actual length of the finwait timer is determined by the following formula: Actual length of the finwait timer = (Configured length of the finwait timer 75) + configured length of the synwait timer Related commands: tcp timer syn-timeout and tcp window. tcp timer fin-timeout time-value undo tcp timer fin-timeout System view time-value: Specifies the TCP finwait timer in seconds, ranging from 76 to # Set the length of the TCP finwait timer to 800 seconds. 124

132 [Sysname] tcp timer fin-timeout 800 tcp timer syn-timeout Use the tcp timer syn-timeout command to configure the length of the TCP synwait timer. Use the undo tcp timer syn-timeout command to restore the default. By default, the value of the TCP synwait timer is 75 seconds. Related commands: tcp timer fin-timeout and tcp window. tcp timer syn-timeout time-value undo tcp timer syn-timeout System view Parameter time-value: Specifies the TCP synwait timer in seconds, ranging from 2 to 600. # Set the length of the TCP synwait timer to 80 seconds. [Sysname] tcp timer syn-timeout 80 tcp window Use the tcp window command to configure the size of the TCP send/receive buffer. Use the undo tcp window command to restore the default. The size of the TCP send/receive buffer is 8 KB by default. Related commands: tcp timer fin-timeout and tcp timer syn-timeout. tcp window window-size undo tcp window System view 125

133 Parameter window-size: Specifies the size of the send/receive buffer in KB, ranging from 1 to 32. # Configure the size of the TCP send/receive buffer as 3 KB. [Sysname] tcp window 3 126

134 UDP Helper configuration commands display udp-helper server Use the display udp-helper server command to view information of forwarded UDP packets on the specified interface or all interfaces. If interface-type interface-number is not specified, this command displays the information of forwarded UDP packets on all interfaces. display udp-helper server [ interface interface-type interface-number ] [ { begin exclude include } regular-expression ] Any view interface interface-type interface-number: Displays information of forwarded UDP packets on a specified interface. : Filters command output by specifying a regular expression. For more information about regular expressions, see Fundamentals Configuration Guide. begin: Displays the first line that matches the specified regular expression and all lines that follow. exclude: Displays all lines that do not match the specified regular expression. include: Displays all lines that match the specified regular expression. regular-expression: Specifies a regular expression, a case-sensitive string of 1 to 256 characters. # Display the information of forwarded UDP packets on the interface VLAN-interface 1. <Sysname> display udp-helper server interface vlan-interface 1 Interface name Server address Packets sent Vlan-interface The output shows that the IP address of the destination server corresponding to the interface VLANinterface 1 is , and that no packets are forwarded to the destination server. reset udp-helper packet Use the reset udp-helper packet command to clear the statistics of forwarded UDP packets. 127

135 Related commands: display udp-helper server. reset udp-helper packet User view 1: Monitor level None # Clear the statistics of the forwarded UDP packets. <Sysname> reset udp-helper packet udp-helper enable Use the udp-helper enable command to enable UDP Helper. A device enabled with UDP Helper functions as a relay agent that converts UDP broadcast packets into unicast packets and forwards them to a specified destination server. Use the undo udp-helper enable command to disable UDP Helper. By default, UDP Helper is disabled. udp-helper enable undo udp-helper enable System view None # Enable UDP Helper [Sysname] udp-helper enable 128

136 udp-helper port Use the udp-helper port command to enable the forwarding of packets with the specified UDP port number. Use the undo udp-helper port command to remove the configured UDP port numbers. By default, no UDP port number is specified. You can configure up to 256 UDP ports on a device. All of the specified UDP port numbers will be removed if UDP Helper is disabled. udp-helper port { port-number dns netbios-ds netbios-ns tacacs tftp time } undo udp-helper port { port-number dns netbios-ds netbios-ns tacacs tftp time } System view port-number: Specifies the UDP port number with which packets need to be forwarded, ranging from 1 to 65,535 (except 67 and 68). dns: Forwards DNS data packets. The corresponding UDP port number is 53. netbios-ds: Forwards NetBIOS data packets. The corresponding UDP port number is 138. netbios-ns: Forwards NetBIOS name service data packets. The corresponding UDP port number is 137. tacacs: Forwards terminal access controller access control system (TACACS) data packet. The corresponding UDP port number is 49. tftp: Forwards TFTP data packets. The corresponding UDP port number is 69. time: Forwards time service data packets. The corresponding UDP port number is 37. # Forward broadcast packets with the UDP destination port number 100. [Sysname] udp-helper port 100 udp-helper server Use the udp-helper server command to specify the destination server to which UDP packets are forwarded. Use the undo udp-helper server command to remove the destination server. No destination server is configured by default. 129

137 You can configure up to 20 destination servers on an interface. Without the ip-address argument, the undo udp-helper server command removes all the destination servers on an interface. Related commands: display udp-helper server. udp-helper server ip-address undo udp-helper server [ ip-address ] Interface view Parameter ip-address: Specifies the IP address of the destination server, in dotted decimal notation. # Specify the IP address of the destination server as on the interface VLAN-interface 100. [Sysname] interface vlan-interface 100 [Sysname-Vlan-interface100] udp-helper server

138 IPv6 basics configuration commands The term interface in this document refers to Layer 3 interfaces, including VLAN interfaces and routemode (or Layer 3) Ethernet ports. You can set an Ethernet port to operate in route mode by using the port link-mode route command (see Layer 2 LAN Switching Configuration Guide). display ipv6 fib Use the display ipv6 fib command to display IPv6 FIB entries. If no argument is specified, all IPv6 FIB entries will be displayed. The device looks up a matching IPv6 FIB entry for forwarding an IPv6 packet. display ipv6 fib [ acl6 acl6-number ipv6-prefix ipv6-prefix-name ] [ { begin exclude include } regular-expression ] Any view 1: Monitor level acl6 acl6-number: Displays the IPv6 FIB entries permitted by a specified ACL. The ACL number ranges from 2000 to If the specified ACL does not exist, all IPv6 FIB entries are displayed. ipv6-prefix ipv6-prefix-name: Displays the IPv6 FIB entries matching a specified prefix list. The ipv6-prefixname argument is a case-sensitive string of 1 to 19 characters. If the specified prefix list does not exist, all IPv6 FIB entries are displayed. : Filters command output by specifying a regular expression. For more information about regular expressions, see Fundamentals Configuration Guide. begin: Displays the first line that matches the specified regular expression and all lines that follow. exclude: Displays all lines that do not match the specified regular expression. include: Displays all lines that match the specified regular expression. regular-expression: Specifies a regular expression, a case-sensitive string of 1 to 256 characters. # Display all IPv6 FIB entries. <Sysname> display ipv6 fib FIB Table: Total number of Routes : 1 Flag: 131

139 U:Useable G:Gateway H:Host B:Blackhole D:Dynamic S:Static Destination: ::1 PrefixLength : 128 NextHop : ::1 Flag : HU Label : NULL Token : 0 Interface : InLoopBack0 Table 29 Command output Field Total number of Routes Destination PrefixLength NextHop Flag Label Token Interface Total number of routes in the FIB Destination address Prefix length of the destination address Next hop Route flag: U Usable route G Gateway route H Host route B Black hole route D Dynamic route S Static route Label LSP index number Outgoing interface display ipv6 fib ipv6-address Use the display ipv6 fib ipv6-address command to view the IPv6 FIB entry of the specified destination IPv6 address. Without the prefix-length argument specified, this command displays the matching IPv6 FIB entry with the longest prefix. With the prefix-length argument specified, this command displays the IPv6 FIB entry exactly matching the specified destination IPv6 address and prefix length. display ipv6 fib ipv6-address [ prefix-length ] [ { begin exclude include } regular-expression ] Any view 1: Monitor level 132

140 ipv6-address: Specifies the destination IPv6 address. prefix-length: Specifies the Prefix length of the destination IPv6 address, ranging from 0 to 128. : Filters command output by specifying a regular expression. For more information about regular expressions, see Fundamentals Configuration Guide. begin: Displays the first line that matches the specified regular expression and all lines that follow. exclude: Displays all lines that do not match the specified regular expression. include: Displays all lines that match the specified regular expression. regular-expression: Specifies a regular expression, a case-sensitive string of 1 to 256 characters. # Display the matching IPv6 FIB entry with the longest prefix. <Sysname> display ipv6 fib ::1 Flag: U:Useable G:Gateway H:Host B:Blackhole D:Dynamic S:Static Destination: ::1 PrefixLength : 128 NextHop : ::1 Flag : HU Label : NULL Token : 0 Interface : InLoopBack0 Table 30 Command output Field Total number of Routes Destination PrefixLength NextHop Flag Label Token Interface Total number of routes in the FIB Destination address Prefix length of the destination address Next hop Route flag: U Usable route G Gateway route H Host route B Black hole route D Dynamic route S Static route Label LSP index number Outgoing interface 133

141 display ipv6 interface s Use the display ipv6 interface command to view the IPv6 information of an interface. If interface-type interface-number is not specified, the IPv6 information of all interfaces is displayed. If only interface-type is specified, the IPv6 information of the interfaces of the specified type is displayed. If interface-type interface-number is specified, the IPv6 information of the specified interface is displayed. If the brief keyword is also specified, the brief IPv6 information of the interface is displayed. display ipv6 interface [ interface-type [ interface-number ] ] [ brief ] [ { begin exclude include } regular-expression ] Any view 1: Monitor level interface-type: Specifies the interface type. interface-number: Specifies the interface number. brief: Displays the brief IPv6 information of an interface. : Filters command output by specifying a regular expression. For more information about regular expressions, see Fundamentals Configuration Guide. begin: Displays the first line that matches the specified regular expression and all lines that follow. exclude: Displays all lines that do not match the specified regular expression. include: Displays all lines that match the specified regular expression. regular-expression: Specifies a regular expression, a case-sensitive string of 1 to 256 characters. # Display the IPv6 information of VLAN-interface 2. <Sysname> display ipv6 interface vlan-interface 2 Vlan-interface2 current state :UP Line protocol current state :UP IPv6 is enabled, link-local address is FE80::1234:56FF:FE65:4322 Global unicast address(es): 2001::1, subnet is 2001::/64 10::1234:56FF:FE65:4322, subnet is 10::/64 [AUTOCFG] [valid lifetime 4641s/preferred lifetime 4637s] Joined group address(es): FF02::1:FF00:1 FF02::1:FF65:

142 FF02::2 FF02::1 MTU is 1500 bytes ND DAD is enabled, number of DAD attempts: 1 ND reachable time is milliseconds ND retransmit interval is 1000 milliseconds Hosts use stateless autoconfig for addresses IPv6 Packet statistics: InReceives: 0 InTooShorts: 0 InTruncatedPkts: 0 InHopLimitExceeds: 0 InBadHeaders: 0 InBadOptions: 0 ReasmReqds: 0 ReasmOKs: 0 InFragDrops: 0 InFragTimeouts: 0 OutFragFails: 0 InUnknownProtos: 0 InDelivers: 0 OutRequests: 0 OutForwDatagrams: 0 InNoRoutes: 0 InTooBigErrors: 0 OutFragOKs: 0 OutFragCreates: 0 InMcastPkts: 0 InMcastNotMembers: 0 OutMcastPkts: 0 InAddrErrors: 0 InDiscards: 0 OutDiscards: 0 Table 31 Command output Field Vlan-interface2 current state Physical state of the interface: Administratively DOWN Indicates that the VLAN interface is down administratively; the interface is shut down by using the shutdown command DOWN Indicates that the VLAN interface is up administratively, but its physical state is down; no ports in the VLAN are up due to a connection or link failure UP Indicates that the administrative and physical states of the VLAN interface are both up 135

143 Field Line protocol current state IPv6 is enabled link-local address Global unicast addresses valid lifetime preferred lifetime Joined group addresses MTU ND DAD is enabled, number of DAD attempts ND reachable time ND retransmit interval Hosts use stateless autoconfig for addresses InReceives InTooShorts InTruncatedPkts InHopLimitExceeds InBadHeaders InBadOptions ReasmReqds ReasmOKs InFragDrops Link layer protocol state of the interface: DOWN Indicates that the link layer protocol state of the VLAN interface is down UP Indicates that the link layer protocol state of the VLAN interface is up IPv6 packet forwarding state of the interface (after an IPv6 address is configured for an interface, IPv6 is enabled on it automatically; IPv6 packet forwarding is enabled in the example) Link-local address configured for the interface Global unicast addresses configured for the interface Valid lifetime of the global unicast address obtained through stateless autoconfiguration Preferred lifetime of the global unicast address obtained through stateless autoconfiguration Addresses of multicast groups that the interface has joined Maximum transmission unit of the interface Whether DAD is enabled. In this example, DAD is enabled: If DAD is enabled, the number of attempts to send a Neighbor Solicitation (NS) message for DAD (configured by using the ipv6 nd dad attempts command) is also displayed If DAD is disabled, ND DAD is disabled is displayed (you can disable DAD by setting the number of attempts to send an NS message for DAD to 0) Time that a neighboring node is considered reachable after reachability has been confirmed Interval for retransmitting an NS message Hosts use stateless autoconfiguration mode to acquire IPv6 addresses All IPv6 packets received by the interface, including all types of error packets. Received IPv6 packets that are too short, with a length less than 40 bytes, for example. Received IPv6 packets with a length less than that specified in the packets Received IPv6 packets with a hop count exceeding the limit Received IPv6 packets with bad basic headers Received IPv6 packets with bad extension headers Received IPv6 fragments Number of packets after reassembly rather than the number of fragments IPv6 fragments discarded due to certain error 136

144 Field InFragTimeouts OutFragFails InUnknownProtos InDelivers OutRequests OutForwDatagrams InNoRoutes InTooBigErrors OutFragOKs OutFragCreates InMcastPkts InMcastNotMembers OutMcastPkts InAddrErrors InDiscards OutDiscards IPv6 fragments discarded because the interval for which they had stayed in the system buffer exceeded the specified period Packets failed in fragmentation on the outbound interface Received IPv6 packets with unknown or unsupported protocol type Received IPv6 packets that were delivered to application layer protocols (such as ICMPv6, TCP, and UDP) Local IPv6 packets sent by IPv6 application protocols Packets forwarded by the outbound interface IPv6 packets that were discarded because no matched route can be found IPv6 packets that were discarded because they exceeded the PMTU Packets that were fragmented on the outbound interface Number of packet fragments after fragmentation on the outbound interface IPv6 multicast packets received on the interface Incoming IPv6 multicast packets that were discarded because the interface did not belong to the corresponding multicast groups IPv6 multicast packets sent by the interface IPv6 packets that were discarded due to invalid destination addresses Received IPv6 packets that were discarded due to resource problems rather than packet content errors Sent packets that were discarded due to resource problems rather than packet content errors # Display the brief IPv6 information of all interfaces. <Sysname> display ipv6 interface brief *down: administratively down (s): spoofing Interface Physical Protocol IPv6 Address Vlan-interface1 down down Unassigned Vlan-interface2 up up 2001::1 Vlan-interface100 up down Unassigned Table 32 Command output Field *down: administratively down The interface is down. The interface is shut down by using the shutdown command. 137

145 Field (s): spoofing Interface Physical Protocol IPv6 Address Spoofing attribute of the interface. The link protocol state of the interface is up, but the link does not exist, or the link is established on demand, instead of being permanent. Name of the interface Physical state of the interface: *down Indicates that the VLAN interface is down administratively. The interface is shut down using the shutdown command. down Indicates that the VLAN interface is up administratively, but its physical state is down. No port in the VLAN is up due to a connection or link failure. up Indicates that the administrative and physical states of the VLAN interface are both up. Link layer protocol state of the interface: down Indicates that the network layer protocol state of the VLAN interface is down. up Indicates that the network layer protocol state of the VLAN interface is up. IPv6 address of the interface. Only the first of configured IPv6 addresses is displayed. If no address is configured for the interface, Unassigned will be displayed. display ipv6 nd snooping Use the display ipv6 nd snooping command to display ND snooping entries. If no parameter is specified, this command displays all ND snooping entries. display ipv6 nd snooping [ ipv6-address vlan vlan-id ] [ { begin exclude include } regularexpression ] Any view 1: Monitor level ipv6-address: Specifies an IPv6 address. vlan vlan-id: Displays ND snooping entries in the specified VLAN whose ID ranges from 1 to : Filters command output by specifying a regular expression. For more information about regular expressions, see Fundamentals Configuration Guide. begin: Displays the first line that matches the specified regular expression and all lines that follow. 138

146 exclude: Displays all lines that do not match the specified regular expression. include: Displays all lines that match the specified regular expression. regular-expression: Specifies a regular expression, a case-sensitive string of 1 to 256 characters. # Display the ND snooping entries of VLAN 1. <Sysname> display ipv6 nd snooping vlan 1 IPv6 Address MAC Address VID Interface Aging Status 4001:: e944-a947 1 GE1/0/1 25 Bound ---- Total entries on VLAN 1: Table 33 Command output Field IPv6 Address MAC Address VID Interface Aging Status IPv6 address of an ND snooping entry MAC address of an ND snooping entry VLAN ID Receiving port of an ND snooping entry Aging time of an ND snooping entry, in minutes ND snooping entry status, which can be Bound or Probe Total entries on VLAN 1 Total number of ND snooping entries of VLAN 1 display ipv6 neighbors Use the display ipv6 neighbors command to display neighbor information. You can use the reset ipv6 neighbors command to clear specific IPv6 neighbor information. Related commands: ipv6 neighbor, reset ipv6 neighbors. display ipv6 neighbors { { ipv6-address all dynamic static } [ slot slot-number ] interface interfacetype interface-number vlan vlan-id } [ { begin exclude include } regular-expression ] Any view 1: Monitor level ipv6-address: Specifies the IPv6 address whose neighbor information is to be displayed. all: Displays information of all neighbors, including neighbors acquired dynamically and configured statically on the public network and all private networks. dynamic: Displays information of all neighbors acquired dynamically. 139

147 s static: Displays information of all neighbors configured statically. slot slot-number: Displays the neighbor information on a specified IRF member switch. The slot-number argument specifies the ID of an IRF member switch. The value range for the argument depends on the number of member switches and their member IDs in the IRF fabric, which you can display with the display irf command. On a standalone device, the slot-number argument specifies the ID of the device. interface interface-type interface-number: Displays information of the neighbors of a specified interface. vlan vlan-id: Displays information of the neighbors of a specified VLAN whose ID ranges from 1 to : Filters command output by specifying a regular expression. For more information about regular expressions, see Fundamentals Configuration Guide. begin: Displays the first line that matches the specified regular expression and all lines that follow. exclude: Displays all lines that do not match the specified regular expression. include: Displays all lines that match the specified regular expression. regular-expression: Specifies a regular expression, a case-sensitive string of 1 to 256 characters. # Display all neighbor information. <Sysname> display ipv6 neighbors all Type: S-Static D-Dynamic IPv6 Address Link-layer VID Interface State T Age FE80::200:5EFF:FE32:B e32-b800 N/A GE1/0/1 REACH S - # Display the detailed information of all neighbors. Table 34 Command output Field IPv6 Address Link-layer VID Interface State Type Age IPv6 address of a neighbor Link layer address (MAC address) of a neighbor VLAN to which the interface connected with a neighbor belongs Interface connected with a neighbor State of a neighbor: INCMP Address is being resolved; the link layer address of the neighbor is unknown REACH Neighbor is reachable STALE Reachability of the neighbor is unknown; the device will not verify the reachability any longer unless data is sent to the neighbor DELAY Reachability of the neighbor is unknown; the device sends an NS message after a delay PROBE Reachability of the neighbor is unknown; the device sends an NS message to verify the reachability of the neighbor Type of neighbor information, including static configuration (represented by S) and dynamic acquisition (represented by D) For a static entry, a hyphen (-) is displayed. For a dynamic entry, the reachable time (in seconds) elapsed is displayed, and if it is never reachable, a number sign (#) is displayed (for a neighbor acquired dynamically) 140

148 display ipv6 neighbors count Use the display ipv6 neighbors count command to view the total number of neighbor entries satisfying the specified condition. display ipv6 neighbors { { all dynamic static } [ slot slot-number ] interface interface-type interfacenumber vlan vlan-id } count [ { begin exclude include } regular-expression ] Any view 1: Monitor level all: Displays the total number of all neighbor entries, including neighbor entries acquired dynamically and configured statically. dynamic: Displays the total number of all neighbor entries acquired dynamically. static: Displays the total number of neighbor entries configured statically. slot slot-number: Displays the total number of neighbor entries on a specified IRF member switch. The slotnumber argument specifies the ID of an IRF member switch. The value range for the argument depends on the number of member switches and their member IDs in the IRF fabric, which you can display with the display irf command. On a standalone device, the slot-number argument specifies the ID of the device. interface interface-type interface-number: Displays the total number of neighbor entries of a specified interface. vlan vlan-id: Displays the total number of neighbor entries of a specified VLAN whose ID ranges from 1 to : Filters command output by specifying a regular expression. For more information about regular expressions, see Fundamentals Configuration Guide. begin: Displays the first line that matches the specified regular expression and all lines that follow. exclude: Displays all lines that do not match the specified regular expression. include: Displays all lines that match the specified regular expression. regular-expression: Specifies a regular expression, a case-sensitive string of 1 to 256 characters. # Display the total number of neighbor entries acquired dynamically. <Sysname> display ipv6 neighbors dynamic count Total dynamic entry(ies): 2 141

149 display ipv6 pathmtu Use the display ipv6 pathmtu command to view IPv6 PMTU information. display ipv6 pathmtu { ipv6-address all dynamic static } [ { begin exclude include } regularexpression ] Any view 1: Monitor level ipv6-address: Destination IPv6 address for which the PMTU information is to be displayed. all: Displays all PMTU information on the public network. dynamic: Displays all dynamic PMTU information. static: Displays all static PMTU information. : Filters command output by specifying a regular expression. For more information about regular expressions, see Fundamentals Configuration Guide. begin: Displays the first line that matches the specified regular expression and all lines that follow. exclude: Displays all lines that do not match the specified regular expression. include: Displays all lines that match the specified regular expression. regular-expression: Specifies a regular expression, a case-sensitive string of 1 to 256 characters. # Display all PMTU information. <Sysname> display ipv6 pathmtu all IPv6 Destination Address ZoneID PathMTU Age Type fe80:: Dynamic 2222:: Static Table 35 Command output Field IPv6 Destination Address ZoneID PathMTU Age Destination IPv6 address ID of address zone, currently invalid PMTU value on the network path to an IPv6 address Time for a PMTU to live For a static PMTU, two consecutive hyphens (--) are displayed 142

150 Field Type Indicates that the PMTU is dynamically negotiated or statically configured display ipv6 socket Use the display ipv6 socket command to display socket information. With no parameter specified, this command displays the information about all the sockets; with only the socket type specified, the command displays the information about sockets of the specified type; with the socket type, task ID and socket ID specified, the command displays the information about the specified socket. display ipv6 socket [ socktype socket-type ] [ task-id socket-id ] [ slot slot-number ] [ { begin exclude include } regular-expression ] Any view 1: Monitor level socktype socket-type: Displays the socket information of this type. The socket type ranges from 1 to 3. The value 1 represents a TCP socket, 2 a UDP socket, and 3 a raw socket. task-id: Displays the socket information of the task. The task ID ranges from 1 to 100. socket-id: Displays the information of the socket. The socket ID ranges from 0 to slot slot-number: Displays the socket information on a specified IRF member switch. The slot-number argument specifies the ID of an IRF member switch. The value range for the argument depends on the number of member switches and their member IDs in the IRF fabric, which you can display with the display irf command. On a standalone device, the slot-number argument specifies the ID of the device. : Filters command output by specifying a regular expression. For more information about regular expressions, see Fundamentals Configuration Guide. begin: Displays the first line that matches the specified regular expression and all lines that follow. exclude: Displays all lines that do not match the specified regular expression. include: Displays all lines that match the specified regular expression. regular-expression: Specifies a regular expression, a case-sensitive string of 1 to 256 characters. # Display the information of all sockets. <Sysname> display ipv6 socket SOCK_STREAM: Task = VTYD(14), socketid = 4, Proto = 6, 143

151 LA = ::->22, FA = ::->0, sndbuf = 8192, rcvbuf = 8192, sb_cc = 0, rb_cc = 0, socket option = SO_ACCEPTCONN SO_REUSEPORT SO_SENDVPNID, socket state = SS_PRIV SS_ASYNC Task = VTYD(14), socketid = 3, Proto = 6, LA = ::->23, FA = ::->0, sndbuf = 8192, rcvbuf = 8192, sb_cc = 0, rb_cc = 0, socket option = SO_ACCEPTCONN SO_REUSEPORT SO_SENDVPNID, socket state = SS_PRIV SS_ASYNC SOCK_DGRAM: Task = AGNT(51), socketid = 2, Proto = 17, LA = ::->161, FA = ::->0, sndbuf = 9216, rcvbuf = 42080, sb_cc = 0, rb_cc = 0, socket option = SO_REUSEPORT, socket state = SS_PRIV SS_NBIO SS_ASYNC Task = TRAP(52), socketid = 2, Proto = 17, LA = ::->1024, FA = ::->0, sndbuf = 9216, rcvbuf = 42080, sb_cc = 0, rb_cc = 0, socket option =, socket state = SS_PRIV SOCK_RAW: Task = ROUT(86), socketid = 5, Proto = 89, LA = ::, FA = ::, sndbuf = , rcvbuf = , sb_cc = 0, rb_cc = 0, socket option = SO_REUSEADDR, socket state = SS_PRIV SS_ASYNC Table 36 Command output Field SOCK_STREAM SOCK_DGRAM SOCK_RAW Task socketid Proto LA FA sndbuf rcvbuf sb_cc TCP socket UDP socket Raw IP socket Task name and ID of the created socket ID assigned by the kernel to the created socket Protocol type, for example, 6 indicates TCP and 17 indicates UDP Local address and local port number Remote address and remote port number Size of the send buffer Size of the receive buffer Number of bytes sent by the send buffer 144

152 Field rb_cc socket option Number of bytes received by the receive buffer Socket option set by the application: SO_ACCEPTCONN Detects connection request at the server end SO_REUSEADDR Allows for reuse of a local address SO_REUSEPORT Allows for reuse of a local port socket state State of the socket display ipv6 statistics Use the display ipv6 statistics command to display statistics of IPv6 packets and ICMPv6 packets. You can use the reset ipv6 statistics command to clear all IPv6 and ICMPv6 packet statistics. display ipv6 statistics [ slot slot-number ] [ { begin exclude include } regular-expression ] Any view 1: Monitor level slot slot-number: Displays the IPv6 and ICMPv6 packets statistics on a specified IRF member switch. The slot-number argument specifies the ID of an IRF member switch. The value range for the argument depends on the number of member switches and their member IDs in the IRF fabric, which you can display with the display irf command. On a standalone device, the slot-number argument specifies the ID of the device. : Filters command output by specifying a regular expression. For more information about regular expressions, see Fundamentals Configuration Guide. begin: Displays the first line that matches the specified regular expression and all lines that follow. exclude: Displays all lines that do not match the specified regular expression. include: Displays all lines that match the specified regular expression. regular-expression: Specifies a regular expression, a case-sensitive string of 1 to 256 characters. # Display the statistics of IPv6 packets and ICMPv6 packets. <Sysname> display ipv6 statistics IPv6 Protocol: Sent packets: Total: 0 Local sent out: 0 forwarded: 0 145

153 raw packets: 0 discarded: 0 routing failed: 0 fragments: 0 fragments failed: 0 Received packets: Total: 0 local host: 0 hopcount exceeded: 0 format error: 0 option error: 0 protocol error: 0 fragments: 0 reassembled: 0 reassembly failed: 0 reassembly timeout: 0 ICMPv6 protocol: Sent packets: Total: 0 unreached: 0 too big: 0 hopcount exceeded: 0 reassembly timeout: 0 parameter problem: 0 echo request: 0 echo replied: 0 neighbor solicit: 0 neighbor advert: 0 router solicit: 0 router advert: 0 redirected: 0 router renumbering: 0 Send failed: ratelimited: 0 other errors: 0 Received packets: Total: 0 checksum error: 0 too short: 0 bad code: 0 unreached: 0 too big: 0 hopcount exceeded: 0 reassembly timeout: 0 parameter problem: 0 unknown error type: 0 echo request: 0 echo replied: 0 neighbor solicit: 0 neighbor advert: 0 router solicit: 0 router advert: 0 redirected: 0 router renumbering: 0 unknown info type: 0 Deliver failed: bad length: 0 ratelimited: 0 Table 37 Command output Field IPv6 Protocol: Statistics of IPv6 packets 146

154 Field Sent packets: Total: 0 Local sent out: 0 forwarded: 0 raw packets: 0 discarded: 0 routing failed: 0 fragments: 0 fragments failed: 0 Received packets: Total: 0 local host: 0 hopcount exceeded: 0 format error: 0 option error: 0 protocol error:0 fragments: 0 reassembled: 0 reassembly failed: 0 reassembly timeout: 0 ICMPv6 protocol: Sent packets: Total: 0 unreached: 0 too big: 0 hopcount exceeded: 0 reassembly timeout: 0 parameter problem: 0 echo request: 0 echo replied: 0 neighbor solicit: 0 neighbor advert: 0 router solicit: 0 router advert 0 redirected: 0 router renumbering: 0 Send failed: ratelimited: 0 other errors: 0 Statistics of sent IPv6 packets: Total number of packets sent and forwarded locally Number of packets sent locally Number of forwarded packets Number of packets sent via raw socket Number of discarded packets Number of packets failing to be routed Number of sent fragment packets Number of fragments failing to be sent Statistics of received IPv6 packets: Total number of received packets Number of packets received locally Number of packets exceeding the hop limit Number of packets in an incorrect format Number of packets with incorrect options Number of packets with incorrect protocol Number of received fragment packets Number of reassembled packets Number of packets failing to be reassembled Number of packets whose reassembly times out Statistics of ICMPv6 packets Statistics of sent ICMPv6 packets: Total number of sent packets Number of Destination Unreachable packets Number of Packet Too Big packets Number of Hop Limit Exceeded packets Number of Fragment Reassembly Time Exceeded packets Number of Parameter Problem packets Number of Echo Request packets Number of Echo Reply packets Number of neighbor solicitation packets Number of neighbor advertisement packets Number of router solicitation packets Number of router advertisement packets Number of Redirect packets Number of RR packets Number of packets failing to be sent due to rate limitation Number of packets with other errors 147

155 Field Received packets: Total: 0 checksum error: 0 too short: 0 bad code: 0 unreached: 0 too big: 0 hopcount exceeded: 0 reassembly timeout: 0 parameter problem: 0 unknown error type: 0 echo request: 0 echo replied: 0 neighbor solicit: 0 neighbor advert: 0 router solicit: 0 router advert 0 redirected: 0 router renumbering 0 unknown info type: 0 Deliver failed: bad length: 0 ratelimited: 0 Statistics of received ICMPv6 packets: Total number of received packets Number of packets with checksum errors Number of too small packets Number of packets with error codes Number of Destination Unreachable packets Number of Packet Too Big packets Number of Hop Limit Exceeded packets Number of Fragment Reassembly Times Exceeded packets Number of Parameter Problem packets Number of packets with unknown errors Number of Echo Request packets Number of Echo Reply packets Number of neighbor solicitation messages Number of neighbor advertisement packets Number of router solicitation packets Number of router advertisement packets Number of Redirect packets Number of RR packets Number of unknown type of packets Number of packets with a incorrect size Number of packets failing to be received due to rate limitation display tcp ipv6 statistics Use the display tcp ipv6 statistics command to display IPv6 TCP connection statistics. You can use the reset tcp ipv6 statistics command to clear statistics of all IPv6 TCP packets. display tcp ipv6 statistics [ { begin exclude include } regular-expression ] Any view 1: Monitor level : Filters command output by specifying a regular expression. For more information about regular expressions, see Fundamentals Configuration Guide. begin: Displays the first line that matches the specified regular expression and all lines that follow. 148

156 exclude: Displays all lines that do not match the specified regular expression. include: Displays all lines that match the specified regular expression. regular-expression: Specifies a regular expression, a case-sensitive string of 1 to 256 characters. # Display the statistics of IPv6 TCP connections. <Sysname> display tcp ipv6 statistics Received packets: Total: 0 packets in sequence: 0 (0 bytes) window probe packets: 0, window update packets: 0 checksum error: 0, offset error: 0, short error: 0 duplicate packets: 0 (0 bytes), partially duplicate packets: 0 (0 bytes) out-of-order packets: 0 (0 bytes) packets with data after window: 0 (0 bytes) packets after close: 0 ACK packets: 0 (0 bytes) duplicate ACK packets: 0, too much ACK packets: 0 Sent packets: Total: 0 urgent packets: 0 control packets: 0 (including 0 RST) window probe packets: 0, window update packets: 0 data packets: 0 (0 bytes) data packets retransmitted: 0 (0 bytes) ACK only packets: 0 (0 delayed) Retransmitted timeout: 0, connections dropped in retransmitted timeout: 0 Keepalive timeout: 0, keepalive probe: 0, Keepalive timeout, so connections disconnected : 0 Initiated connections: 0, accepted connections: 0, established connections: 0 Closed connections: 0 (dropped: 0, initiated dropped: 0) Packets dropped with MD5 authentication: 0 Packets permitted with MD5 authentication: 0 149

157 Table 38 Command output Field Received packets: Total: 0 packets in sequence: 0 (0 bytes) window probe packets: 0 window update packets: 0 checksum error: 0 offset error: 0 short error: 0 duplicate packets: 0 (0 bytes), partially duplicate packets: 0 (0 bytes) out-of-order packets: 0 (0 bytes) packets with data after window: 0 (0 bytes) packets after close: 0 ACK packets: 0 (0 bytes) duplicate ACK packets: 0 too much ACK packets: 0 Sent packets: Total: 0 urgent packets: 0 control packets: 0 (including 0 RST) window probe packets: 0 window update packets: 0 data packets: 0 (0 bytes) data packets retransmitted: 0 (0 bytes) ACK only packets: 0 (0 delayed) Retransmitted timeout connections dropped in retransmitted timeout Keepalive timeout keepalive probe Keepalive timeout, so connections disconnected Initiated connections accepted connections established connections Closed connections Statistics of received packets: Total number of received packets Number of packets received in sequence Number of window probe packets Number of window size update packets Number of packets with checksum errors Number of packets with offset errors Number of packets whose total length is less than specified by the packet header Number of duplicate packets Number of partially duplicate packets Number of out-of-order packets Number of packets exceeding the size of the receiving window Number of packets received after the connection is closed Number of ACK packets Number of duplicate ACK packets Number of excessive ACK packets Statistics of sent packets: Total number of packets Number of packets containing an urgent indicator Number of control packets Number of window probe packets Number of window update packets Number of data packets Number of retransmitted packets Number of ACK packets Number of packets whose retransmission times out Number of connections dropped because of retransmission timeout Number of keepalive timeouts Number of keepalive probes Number of connections dropped because of keepalive response timeout Number of initiated connections Number of accepted connections Number of established connections Number of closed connections 150

158 Field dropped initiated dropped Packets dropped with MD5 authentication Packets permitted with MD5 authentication Number of dropped connections (after SYN is received from the peer) Number of initiated but dropped connections (before SYN is received from the peer) Number of packets that fail the MD5 authentication and are dropped Number of packets that pass the MD5 authentication display tcp ipv6 status Use the display tcp ipv6 status command to view the IPv6 TCP connection status, including the IPv6 TCP control block address, local and peer IPv6 addresses, and status of the IPv6 TCP connection. display tcp ipv6 status [ { begin exclude include } regular-expression ] Any view 1: Monitor level : Filters command output by specifying a regular expression. For more information about regular expressions, see Fundamentals Configuration Guide. begin: Displays the first line that matches the specified regular expression and all lines that follow. exclude: Displays all lines that do not match the specified regular expression. include: Displays all lines that match the specified regular expression. regular-expression: Specifies a regular expression, a case-sensitive string of 1 to 256 characters. # Display the IPv6 TCP connection status. <Sysname> display tcp ipv6 status *: TCP6 MD5 Connection TCP6CB Local Address Foreign Address State 045d8074 ::->21 ::->0 Listening Table 39 Command output Field *: TCP6 MD5 Connection TCP6CB The asterisk (*) indicates that the TCP6 connection is secured with MD5 authentication. IPv6 TCP control block address (hexadecimal) 151

159 Field Local Address Foreign Address State Local IPv6 address Remote IPv6 address IPv6 TCP connection status: Closed Listening Syn_Sent Syn_Rcvd Established Close_Wait Fin_Wait1 Closing Last_Ack Fin_Wait2 Time_Wait display udp ipv6 statistics Use the display udp ipv6 statistics command to view statistics of IPv6 UDP packets. You can use the reset udp ipv6 statistics command to clear the statistics of all IPv6 UDP packets. display udp ipv6 statistics [ { begin exclude include } regular-expression ] Any view 1: Monitor level : Filters command output by specifying a regular expression. For more information about regular expressions, see Fundamentals Configuration Guide. begin: Displays the first line that matches the specified regular expression and all lines that follow. exclude: Displays all lines that do not match the specified regular expression. include: Displays all lines that match the specified regular expression. regular-expression: Specifies a regular expression, a case-sensitive string of 1 to 256 characters. # Display the statistics information of IPv6 UDP packets. <Sysname> display udp ipv6 statistics Received packets: Total: 0 checksum error: 0 152

160 shorter than header: 0, data length larger than packet: 0 unicast(no socket on port): 0 broadcast/multicast(no socket on port): 0 not delivered, input socket full: 0 input packets missing pcb cache: 0 Sent packets: Total: 0 Table 40 Command output Field Total checksum error shorter than header data length larger than packet unicast(no socket on port) broadcast/multicast(no socket on port) not delivered, input socket full input packet missing pcb cache Total number of received/sent packets Total number of packets with a checksum error Total number of IPv6 UDP packets whose total length is less than that specified by the packet header Total number of packets whose data length exceeds that specified by the packet header Total number of received unicast packets without any socket Total number of received broadcast/multicast packets without any socket Number of packets not handled because of the receive buffer being full Number of packets failing to match the PCB cache ipv6 Use the ipv6 command to enable IPv6. Use the undo ipv6 command to disable IPv6. By default, IPv6 is disabled. ipv6 undo ipv6 System view None # Enable IPv6. 153

161 [Sysname] ipv6 ipv6 address Use the ipv6 address command to configure an IPv6 global unicast address for an interface. Use the undo ipv6 address command to remove the IPv6 address from the interface. By default, no global unicast address is configured for an interface. Except for the link-local address automatically obtained and the link-local address generated through stateless autoconfiguration, all IPv6 addresses will be removed from the interface if the undo ipv6 address command is executed without any parameter specified. ipv6 address { ipv6-address prefix-length ipv6-address/prefix-length } undo ipv6 address [ ipv6-address prefix-length ipv6-address/prefix-length ] Interface view ipv6-address: Specifies the IPv6 address. prefix-length: Specifies the prefix length of the IPv6 address, ranging from 1 to 128. # Set the global IPv6 unicast address of VLAN-interface 100 to 2001::1 with prefix length 64. Method I: [Sysname] interface vlan-interface 100 [Sysname-Vlan-interface100] ipv6 address 2001::1/64 Method II: [Sysname] interface vlan-interface 100 [Sysname-Vlan-interface100] ipv6 address 2001::1 64 ipv6 address anycast Use the ipv6 address anycast command to configure an IPv6 anycast address for an interface. Use the undo ipv6 address anycast command to remove the IPv6 anycast address from the interface. By default, no IPv6 anycast address is configured for an interface. 154

162 ipv6 address ipv6-address/prefix-length anycast undo ipv6 address ipv6-address/prefix-length anycast Parameter Interface view ipv6-address/prefix-length: Specifies an IPv6 anycast address and its prefix length. The prefix length ranges 1 to 128. # Set the IPv6 anycast address of VLAN-interface 100 to 2001::1 with prefix length 64. [Sysname] interface vlan-interface 100 [Sysname-Vlan-interface100] ipv6 address 2001::1/64 anycast ipv6 address auto Use the ipv6 address auto command to enable the stateless address autoconfiguration function on the interface. With this function enabled, the interface can automatically generate a global unicast address. Use the undo ipv6 address auto command to disable this function. The stateless address autoconfiguration function is disabled by default. After a global unicast address is generated through stateless autoconfiguration, a link-local address is generated automatically, which can be removed only by executing the undo ipv6 address auto command. ipv6 address auto undo ipv6 address auto Interface view None # Enable stateless address autoconfiguration on VLAN-interface 100. [Sysname] interface vlan-interface

163 [Sysname-Vlan-interface100] ipv6 address auto ipv6 address auto link-local Use the ipv6 address auto link-local command to generate a link-local address automatically for an interface. Use the undo ipv6 address auto link-local command to remove the automatically-generated link-local address for the interface. By default, no link-local address is configured on an interface, and a link-local address will be automatically generated after a global IPv6 unicast address is configured for the interface. After an IPv6 global unicast address is configured for an interface, a link-local address is generated automatically. The automatically-generated link-local address is the same as the one generated by using the ipv6 address auto link-local command. The undo ipv6 address auto link-local command can only remove the link-local addresses generated through the ipv6 address auto link-local command. After the undo ipv6 address auto link-local command is used on an interface that has an IPv6 global unicast address configured, the interface still has a link-local address. If the interface has no IPv6 global unicast address configured, it will have no link-local address. Manual assignment takes precedence over automatic generation. If you first adopt automatic generation and then manual assignment, the manually assigned link-local address will overwrite the automatically-generated address. If you first use manual assignment and then automatic generation, the automatically-generated link-local address will not take effect and the link-local address of an interface is still the manually assigned address. If you delete the manually assigned address, the automatically-generated link-local address is validated. For more information about manual assignment of an IPv6 link-local address, see the ipv6 address link-local command. ipv6 address auto link-local undo ipv6 address auto link-local Interface view None # Configure VLAN-interface 100 to automatically generate a link-local address. [Sysname] interface vlan-interface 100 [Sysname-Vlan-interface100] ipv6 address auto link-local 156

164 ipv6 address eui-64 Parameter Use the ipv6 address eui-64 command to configure an EUI-64 IPv6 address for an interface. Use the undo ipv6 address eui-64 command to remove the configured EUI-64 IPv6 address for the interface. By default, no EUI-64 IPv6 address is configured for an interface. An EUI-64 IPv6 address is generated based on the specified prefix and the automatically-generated interface identifier and is displayed by using the display ipv6 interface command. The prefix length of an EUI-64 IPv6 address cannot be greater than 64. ipv6 address ipv6-address/prefix-length eui-64 undo ipv6 address ipv6-address/prefix-length eui-64 Interface view ipv6-address/prefix-length: Specifies the IPv6 address and IPv6 prefix. The ipv6-address and prefix-length arguments jointly specify the prefix of an EUI-64 IPv6 address. # Configure an EUI-64 IPv6 address for VLAN-interface 100. The prefix length of the address is the same as that of 2001::1/64, and the interface ID is generated based on the MAC address of the device. [Sysname] interface vlan-interface 100 [Sysname-Vlan-interface100] ipv6 address 2001::1/64 eui-64 ipv6 address link-local Use the ipv6 address link-local command to configure a link-local address for the interface. Use the undo ipv6 address link-local command to remove the configured link-local address for the interface. Manual assignment takes precedence over automatic generation. If you first adopt automatic generation and then manual assignment, the manually assigned link-local address will overwrite the automaticallygenerated one. If you first adopt manual assignment and then automatic generation, the automaticallygenerated link-local address will not take effect and the link-local address of an interface is still the manually assigned one. If you delete the manually assigned address, the automatically-generated linklocal address is validated. For automatic generation of an IPv6 link-local address, see the ipv6 address auto link-local command. 157

165 ipv6 address ipv6-address link-local undo ipv6 address ipv6-address link-local Parameter Interface view ipv6-address: Specifies the IPv6 link-local address. The first 10 bits of an address must be (binary). The first group of hexadecimals in the address must be FE80 to FEBF. # Configure a link-local address for VLAN-interface 100. [Sysname] interface vlan-interface 100 [Sysname-Vlan-interface100] ipv6 address fe80::1 link-local ipv6 hoplimit-expires enable Use the ipv6 hoplimit-expires enable command to enable the sending of ICMPv6 Time Exceeded packets. Use the undo ipv6 hoplimit-expires command to disable the sending of ICMPv6 Time Exceeded packets. By default, the sending of ICMPv6 Time Exceeded packets is enabled. After you disable the sending of ICMPv6 Time Exceeded packets, the device will still send Fragment Reassembly Time Exceeded packets. ipv6 hoplimit-expires enable undo ipv6 hoplimit-expires System view None # Disable the sending of ICMPv6 Time Exceeded packets. [Sysname] undo ipv6 hoplimit-expires 158

166 ipv6 icmp-error Use the ipv6 icmp-error command to configure the size and update period of the token bucket. Use the undo ipv6 icmp-error command to restore the defaults. By default, the size is 10 and the update period is 100 milliseconds. A maximum of 10 ICMPv6 error packets can be sent within 100 milliseconds. ipv6 icmp-error { bucket bucket-size ratelimit interval } * undo ipv6 icmp-error System view bucket bucket-size: Specifies the number of tokens in the token bucket, ranging from 1 to 200. ratelimit interval: Specifies the update period of the token bucket in milliseconds, ranging from 0 to 2,147,483,647. The update period 0 indicates that the number of ICMPv6 error packets sent is not restricted. # Set the capacity of the token bucket to 50 and the update period to 100 milliseconds. [Sysname] ipv6 icmp-error bucket 50 ratelimit 100 ipv6 icmpv6 multicast-echo-reply enable Use the ipv6 icmpv6 multicast-echo-reply enable command to enable replying to multicast echo requests. Use the undo ipv6 icmpv6 multicast-echo-reply command to disable replying to multicast echo requests. By default, the device is disabled from replying to multicast echo requests. ipv6 icmpv6 multicast-echo-reply enable undo ipv6 icmpv6 multicast-echo-reply System view 159

167 None # Enable replying to multicast echo requests. [Sysname] ipv6 icmpv6 multicast-echo-reply enable ipv6 nd autoconfig managed-address-flag Use the ipv6 nd autoconfig managed-address-flag command to set the managed address configuration (M) flag to 1 so that the host can acquire an IPv6 address through stateful autoconfiguration (for example, from a DHCP server). Use the undo ipv6 nd autoconfig managed-address-flag command to restore the default. By default, the M flag is set to 0 so that the host can acquire an IPv6 address through stateless autoconfiguration. ipv6 nd autoconfig managed-address-flag undo ipv6 nd autoconfig managed-address-flag Interface view None # Configure the host to acquire an IPv6 address through stateful autoconfiguration. [Sysname] interface vlan-interface 100 [Sysname-Vlan-interface100] ipv6 nd autoconfig managed-address-flag ipv6 nd autoconfig other-flag Use the ipv6 nd autoconfig other-flag command to set the other stateful configuration flag (O) to 1 so that the host can acquire information other than IPv6 address through stateful autoconfiguration (for example, from a DHCP server). Use the undo ipv6 nd autoconfig other-flag command to restore the default. By default, the O flag is set to 0 so that the host can acquire other information through stateless autoconfiguration. 160

168 ipv6 nd autoconfig other-flag undo ipv6 nd autoconfig other-flag Interface view None # Configure the host to acquire information other than IPv6 address through stateless autoconfiguration. [Sysname] interface vlan-interface 100 [Sysname-Vlan-interface100] undo ipv6 nd autoconfig other-flag ipv6 nd dad attempts Parameter Use the ipv6 nd dad attempts command to configure the number of attempts to send an NS message for DAD. Use the undo ipv6 nd dad attempts command to restore the default. By default, the number of attempts to send an NS message for DAD is 1. Related commands: display ipv6 interface. ipv6 nd dad attempts value undo ipv6 nd dad attempts Interface view value: Specifies the number of attempts to send an NS message for DAD, ranging from 0 to 600. The default value is 1. When it is set to 0, DAD is disabled. # Set the number of attempts to send an NS message for DAD to 20. [Sysname] interface vlan-interface 100 [Sysname-Vlan-interface100] ipv6 nd dad attempts

169 ipv6 nd hop-limit Parameter Use the ipv6 nd hop-limit command to configure the hop limit advertised by the device. Use the undo ipv6 nd hop-limit command to restore the default hop limit. By default, the hop limit advertised by the device is 64. ipv6 nd hop-limit value undo ipv6 nd hop-limit System view value: Specifies the number of hops, ranging from 0 to 255. When it is set to 0, the Hop Limit field in RA messages sent by the device is 0. The number of hops is determined by the requesting device itself. # Set the hop limit advertised by the device to 100. [Sysname] ipv6 nd hop-limit 100 ipv6 nd ns retrans-timer Use the ipv6 nd ns retrans-timer command to set the interval for retransmitting an NS message. The local interface retransmits an NS message at intervals of this value. Furthermore, the Retrans Timer field in RA messages sent by the local interface is equal to this value. Use the undo ipv6 nd ns retrans-timer command to restore the default. By default, the local interface sends NS messages at an interval of 1000 millisecond and the Retrans Timer field in the RA messages sent is 0, so that the interval for retransmitting an NS message is determined by the receiving device. Related commands: display ipv6 interface. ipv6 nd ns retrans-timer value undo ipv6 nd ns retrans-timer Interface view 162

170 Parameter value: Specifies the interval for retransmitting an NS message in milliseconds, ranging from 1000 to 4,294,967,295. # Specify VLAN-interface 100 to retransmit NS messages at intervals of 10,000 milliseconds. [Sysname] interface vlan-interface 100 [Sysname-Vlan-interface100] ipv6 nd ns retrans-timer ipv6 nd nud reachable-time Parameter Use the ipv6 nd nud reachable-time command to configure the neighbor reachable time on an interface. This time value serves as not only the neighbor reachable time on the local interface, but also the value of the Reachable Time field in RA messages sent by the local interface. Use the undo ipv6 nd nud reachable-time command to restore the default. By default, the neighbor reachable time on the local interface is 30,000 milliseconds and the value of the Reachable Time field in RA messages is 0, so that the reachable time is determined by the receiving device. Related commands: display ipv6 interface. ipv6 nd nud reachable-time value undo ipv6 nd nud reachable-time Interface view value: Specifies the neighbor reachable time in milliseconds, ranging from 1 to 3,600,000. # Set the neighbor reachable time on VLAN-interface 100 to 10,000 milliseconds. [Sysname] interface vlan-interface 100 [Sysname-Vlan-interface100] ipv6 nd nud reachable-time

171 ipv6 nd ra halt Use the ipv6 nd ra halt command to enable RA message suppression. Use the undo ipv6 nd ra halt command to disable RA message suppression. By default, RA messages are suppressed. ipv6 nd ra halt undo ipv6 nd ra halt Interface view None # Suppress RA messages on VLAN-interface 100. [Sysname] interface vlan-interface 100 [Sysname-Vlan-interface100] ipv6 nd ra halt ipv6 nd ra interval Use the ipv6 nd ra interval command to set the maximum and minimum intervals for advertising RA messages. The device advertises RA messages at intervals of a random value between the maximum interval and the minimum interval. Use the undo ipv6 nd ra interval command to restore the default. By default, the maximum interval between RA messages is 600 seconds, and the minimum interval is 200 seconds. NOTE: The minimum interval should be three-fourths of the maximum interval or less. The maximum interval for sending RA messages should be less than or equal to the router lifetime in RA messages. ipv6 nd ra interval max-interval-value min-interval-value undo ipv6 nd ra interval 164

172 Interface view max-interval-value: Specifies the maximum interval for advertising RA messages in seconds, ranging from 4 to min-interval-value: Specifies the minimum interval for advertising RA messages in seconds, ranging from 3 to # Set the maximum interval for advertising RA messages to 1,000 seconds and the minimum interval to 700 seconds. [Sysname] interface vlan-interface 100 [Sysname-Vlan-interface100] ipv6 nd ra interval ipv6 nd ra no-advlinkmtu Use the ipv6 nd ra no-advlinkmtu command to turn off the MTU option in RA messages. Use the undo ipv6 nd ra no-advlinkmtu command to restore the default. By default, RA messages contain the MTU option. ipv6 nd ra no-advlinkmtu undo ipv6 nd ra no-advlinkmtu Interface view None # Turn off the MTU option in RA messages on VLAN-interface 100. [Sysname] interface vlan-interface 100 [Sysname-Vlan-interface100] ipv6 nd ra no-advlinkmtu 165

173 ipv6 nd ra prefix Use the ipv6 nd ra prefix command to configure the prefix information in RA messages. Use the undo ipv6 nd ra prefix command to remove the prefix information from RA messages. By default, no prefix information is configured in RA messages and the IPv6 address of the interface sending RA messages is used as the prefix information with valid lifetime 2,592,000 seconds (that is, 30 days) and preferred lifetime 604,800 seconds (that is, 7 days). ipv6 nd ra prefix { ipv6-prefix prefix-length ipv6-prefix/prefix-length } valid-lifetime preferred-lifetime [ no-autoconfig off-link ] * undo ipv6 nd ra prefix { ipv6-prefix ipv6-prefix/prefix-length } Interface view ipv6-prefix: Specifies the IPv6 prefix. prefix-length: Specifies the prefix length of the IPv6 address. valid-lifetime: Specifies the valid lifetime of a prefix in seconds, ranging from 0 to 4,294,967,295. preferred-lifetime: Specifies the preferred lifetime of a prefix used for stateless autoconfiguration in seconds, ranging from 0 to 4,294,967,295. no-autoconfig: Specifies a prefix not to be used for stateless autoconfiguration. If this keyword is not provided, the prefix is used for stateless autoconfiguration. off-link: Indicates that the address with the prefix is not directly reachable on the link. If this keyword is not provided, the address with the prefix is directly reachable on the link. # Configure the prefix information for RA messages on VLAN-interface 100. [Sysname] interface vlan-interface 100 [Sysname-Vlan-interface100] ipv6 nd ra prefix 2001:10::100/ ipv6 nd ra router-lifetime Use the ipv6 nd ra router-lifetime command to configure the router lifetime in RA messages. Use the undo ipv6 nd ra router-lifetime command to restore the default. By default, the router lifetime in RA messages is 1800 seconds. The router lifetime in RA messages should be greater than or equal to the advertising interval. 166

174 ipv6 nd ra router-lifetime value undo ipv6 nd ra router-lifetime Parameter Interface view value: Specifies the router lifetime in seconds, ranging from 0 to When it is set to 0, the device does not serve as the default router. # Set the router lifetime in RA messages on VLAN-interface 100 to 1000 seconds. [Sysname] interface vlan-interface 100 [Sysname-Vlan-interface100] ipv6 nd ra router-lifetime 1000 ipv6 nd snooping enable Use the ipv6 nd snooping enable command to enable ND snooping. Use the undo ipv6 nd snooping enable command to restore the default. By default, ND snooping is disabled. ipv6 nd snooping enable undo ipv6 nd snooping enable VLAN view None # Enable ND snooping for VLAN 1. [Sysname] vlan 1 [Sysname-vlan1] ipv6 nd snooping enable 167

175 ipv6 nd snooping max-learning-num Parameter s Use the ipv6 nd snooping max-learning-num command to configure the maximum number of ND snooping entries that can be learned on the interface. Use the undo ipv6 nd snooping max-learning-num command to restore the default. By default, the number of ND snooping entries that an interface can learn is not limited. ipv6 nd snooping max-learning-num number undo ipv6 nd snooping max-learning-num Layer 2 Ethernet port view, Layer 2 aggregate interface view number: Specifies the maximum number of ND snooping entries that can be learned by the interface, ranging from 0 to # Set the maximum number of ND snooping entries that can be learned on Layer 2 Ethernet port GigabitEthernet 1/0/1 to [Sysname] interface GigabitEthernet 1/0/1 [Sysname-GigabitEthernet1/0/1] ipv6 nd snooping max-learning-num 1000 # Set the maximum number of ND snooping entries that can be learned on Layer 2 aggregate interface 1 to [Sysname] interface bridge-aggregation 1 [Sysname-Bridge-Aggregation1] ipv6 nd snooping max-learning-num 1000 ipv6 neighbor Use the ipv6 neighbor command to configure a static neighbor entry. Use the undo ipv6 neighbor command to remove a static neighbor entry. You can use a Layer 3 VLAN interface or a Layer 2 port in the VLAN to configure a static neighbor entry. If the first method is used, the neighbor entry is in the INCMP state. After the device obtains the corresponding Layer 2 port information, the neighbor entry will go into the REACH state. If the second method is used, the corresponding VLAN interface must exist and the port specified by port-type port-number must belong to the VLAN specified by vlan-id. After the static neighbor entry 168

176 is configured, the device will relate the VLAN interface with the IPv6 address to identify the static neighbor entry uniquely and the entry will be in the REACH state. To remove a static neighbor entry, you only need to specify the corresponding VLAN interface and the neighbor address. Related commands: display ipv6 neighbors. ipv6 neighbor ipv6-address mac-address { vlan-id port-type port-number interface interface-type interface-number } undo ipv6 neighbor ipv6-address interface-type interface-number undo ipv6 neighbor ipv6-address mac-address { vlan-id port-type port-number interface interface-type interface-number } System view ipv6-address: Specifies the IPv6 address of the static neighbor entry. mac-address: Specifies the MAC address of the static neighbor entry (48 bits long, in the format of H-H- H). vlan-id: Specifies the VLAN ID of the static neighbor entry, ranging from 1 to port-type port-number: Specifies a Layer 2 port of the static neighbor entry by its type and number. interface interface-type interface-number: Specifies a Layer 3 interface of the static neighbor entry by its type and number. # Configure a static neighbor entry for Layer 2 port GigabitEthernet 1/0/1 of VLAN 100. [Sysname] ipv6 neighbor 2000::1 fe-e GigabitEthernet 1/0/1 ipv6 neighbor stale-aging Use the ipv6 neighbor stale-aging command to set the age timer for ND entries in stale state. Use the undo ipv6 neighbor stale-aging command to restore the default. By default, the age timer for ND entries in stale state is four hours. ipv6 neighbor stale-aging aging-time undo ipv6 neighbor stale-aging 169

177 Parameter System view aging-time: Specifies the age timer for ND entries in stale state, ranging from 1 to 24 hours. # Set the age timer for ND entries in stale state to two hours. [Sysname] ipv6 neighbor stale-aging 2 ipv6 neighbors max-learning-num Parameter Use the ipv6 neighbors max-learning-num command to configure the maximum number of neighbors that can be dynamically learned on the interface. Use the undo ipv6 neighbors max-learning-num command to restore the default. By default, a Layer 2 interface does not limit the number of neighbors dynamically learned. A Layer 3 interface can learn up to 4096 neighbors dynamically. ipv6 neighbors max-learning-num number undo ipv6 neighbors max-learning-num Layer 2 Ethernet port view, Layer 3 Ethernet port view, VLAN interface view, Layer 2 aggregate interface view, number: Specifies the maximum number of neighbors that can be dynamically learned by the interface, ranging from 1 to # Set the maximum number of neighbors that can be dynamically learned on VLAN-interface 100 to 10. [Sysname] interface vlan-interface 100 [Sysname-Vlan-interface100] ipv6 neighbors max-learning-num

178 ipv6 pathmtu Use the ipv6 pathmtu command to configure a static PMTU for a specified IPv6 address. Use the undo ipv6 pathmtu command to remove the PMTU configuration for a specified IPv6 address. By default, no static PMTU is configured. ipv6 pathmtu ipv6-address [ value ] undo ipv6 pathmtu ipv6-address System view ipv6-address: Specifies the IPv6 address. value: Specifies the PMTU of a specified IPv6 address, ranging from 1280 to 10,000 bytes. # Configure a static PMTU for a specified IPv6 address. [Sysname] ipv6 pathmtu fe80:: ipv6 pathmtu age Use the ipv6 pathmtu age command to configure the aging time for a dynamic PMTU. Use the undo ipv6 pathmtu age command to restore the default. By default, the aging time is 10 minutes. The aging time is invalid for a static PMTU. Related commands: display ipv6 pathmtu. ipv6 pathmtu age age-time undo ipv6 pathmtu age System view 171

179 Parameter age-time: Specifies the aging time for PMTU in minutes, ranging from 10 to 100. # Set the aging time for a dynamic PMTU to 40 minutes. [Sysname] ipv6 pathmtu age 40 ipv6 prefer temporary-address Use the ipv6 prefer temporary-address command to configure the system to generate and preferably use the temporary IPv6 address of the sending interface as the source address of the packet to be sent. Use the undo ipv6 prefer temporary-address command to disable the system from generating temporary IPv6 addresses and remove existing temporary IPv6 addresses. By default, the system does not generate or use any temporary IPv6 address. Note the following: Configure the valid lifetime greater than (or equal to) the preferred lifetime. Enable stateless address autoconfiguration before configuring this function. The preferred lifetime of a temporary IPv6 address takes the value of the preferred lifetime of the address prefix, or the value of the preferred lifetime you configure for temporary IPv6 addresses minus DESYNC_FACTOR (which is a random number ranging 0 to 600, in seconds), whichever is smaller. The valid lifetime of a temporary IPv6 address takes the value of the valid lifetime of the address prefix, or the value of the valid lifetime you configure for temporary IPv6 addresses, whichever is smaller. ipv6 prefer temporary-address [ valid-lifetime preferred-lifetime ] undo ipv6 prefer temporary-address System view valid-lifetime: Specifies the valid lifetime of temporary IPv6 addresses in seconds, ranging from 600 to 4,294,967,295. The default valid lifetime is 604,800 seconds, that is, seven days. preferred-lifetime: Specifies the preferred lifetime of temporary IPv6 addresses in seconds, ranging from 600 to 4,294,967,295. The default valid lifetime is 86,400 seconds, that is, one day. # Configure the system to generate and preferably use the temporary IPv6 address of the sending interface as the source address of the packet to be sent. 172

180 [Sysname] ipv6 prefer temporary-address ipv6 unreachables enable Use the ipv6 unreachables enable command to enable sending of ICMPv6 destination unreachable packets. Use the undo ipv6 unreachables command to disable sending of ICMPv6 destination unreachable packets. By default, sending of ICMPv6 destination unreachable packets is disabled. ipv6 unreachables enable undo ipv6 unreachables System view None # Enable sending of ICMPv6 destination unreachable packets. [Sysname] ipv6 unreachables enable reset ipv6 nd snooping Use the reset ipv6 nd snooping command to clear ND snooping entries. If no parameter is specified, this command clears all ND snooping entries. reset ipv6 nd snooping [ ipv6-address vlan vlan-id ] User view ipv6-address: Clears the ND snooping entries of the specified IPv6 address. 173

181 vlan vlan-id: Clears the ND snooping entries of the specified VLAN. The VLAN ID ranges 1 to # Clear all ND snooping entries on VLAN 1. <Sysname> reset ipv6 nd snooping vlan 1 reset ipv6 neighbors s Use the reset ipv6 neighbors command to clear IPv6 neighbor information. You can use the display ipv6 neighbors command to view current IPv6 neighbor information. reset ipv6 neighbors { all dynamic interface interface-type interface-number slot slot-number static } User view all: Clears static and dynamic neighbor information on all interfaces. dynamic: Clears dynamic neighbor information on all interfaces. interface interface-type interface-number: Clears dynamic neighbor information on a specified interface. slot slot-number: Clears the dynamic neighbor information on a specified IRF member switch. The slotnumber argument specifies the ID of an IRF member switch. The value range for the argument depends on the number of member switches and their member IDs in the IRF fabric, which you can display with the display irf command. On a standalone device, the slot-number argument specifies the ID of the device. static: Clears static neighbor information on all interfaces. # Clear neighbor information on all interfaces. <Sysname> reset ipv6 neighbors all # Clear dynamic neighbor information on all interfaces. <Sysname> reset ipv6 neighbors dynamic # Clear all neighbor information on GigabitEthernet 1/0/1. <Sysname> reset ipv6 neighbors interface GigabitEthernet 1/0/1 reset ipv6 pathmtu Use the reset ipv6 pathmtu the command to clear the PMTU information. 174

182 reset ipv6 pathmtu { all static dynamic } User view all: Clears all PMTUs. static: Clears all static PMTUs. dynamic: Clears all dynamic PMTUs. # Clear all PMTUs. <Sysname> reset ipv6 pathmtu all reset ipv6 statistics Parameter Use the reset ipv6 statistics command to clear the statistics of IPv6 packets and ICMPv6 packets. You can use the display ipv6 statistics command to view statistics of IPv6 and ICMPv6 packets. reset ipv6 statistics [ slot slot-number ] User view 1: Monitor level slot slot-number: Clears the IPv6 and ICMPv6 packets statistics on a specified IRF member switch. The slotnumber argument specifies the ID of an IRF member switch. The value range for the argument depends on the number of member switches and their member IDs in the IRF fabric, which you can display with the display irf command. On a standalone device, the slot-number argument specifies the ID of the device. # Clear the statistics of IPv6 packets and ICMPv6 packets. <Sysname> reset ipv6 statistics reset tcp ipv6 statistics Use the reset tcp ipv6 statistics command to clear the statistics of all IPv6 TCP connections. 175

183 You can use the display tcp ipv6 statistics command to view statistics of IPv6 TCP connections. reset tcp ipv6 statistics User view 1: Monitor level None # Clear the statistics of all IPv6 TCP connections. <Sysname> reset tcp ipv6 statistics reset udp ipv6 statistics Use the reset udp ipv6 statistics command to clear the statistics of all IPv6 UDP packets. You can use the display udp ipv6 statistics command to view statistics of IPv6 UDP packets. reset udp ipv6 statistics User view 1: Monitor level None # Clear the statistics of all IPv6 UDP packets. <Sysname> reset udp ipv6 statistics tcp ipv6 timer fin-timeout Use the tcp ipv6 timer fin-timeout command to set the finwait timer for IPv6 TCP connections. Use the undo tcp ipv6 timer fin-timeout command to restore the default. By default, the length of the finwait timer is 675 seconds. 176

184 tcp ipv6 timer fin-timeout wait-time undo tcp ipv6 timer fin-timeout System view Parameter wait-time: Specifies the finwait timer for IPv6 TCP connections in seconds, ranging from 76 to # Set the finwait timer length of IPv6 TCP connections to 800 seconds. [Sysname] tcp ipv6 timer fin-timeout 800 tcp ipv6 timer syn-timeout Use the tcp ipv6 timer syn-timeout command to set the synwait timer for IPv6 TCP connections Use the undo tcp ipv6 timer syn-timeout command to restore the default. By default, the length of the synwait timer of IPv6 TCP connections is 75 seconds. tcp ipv6 timer syn-timeout wait-time undo tcp ipv6 timer syn-timeout System view Parameter wait-time: Specifies the synwait timer for IPv6 TCP connections in seconds, ranging from 2 to 600. # Set the synwait timer length of IPv6 TCP connections to 100 seconds. [Sysname] tcp ipv6 timer syn-timeout 100 tcp ipv6 window Use the tcp ipv6 window command to set the size of the IPv6 TCP send/receive buffer. 177

185 Use the undo tcp ipv6 window command to restore the default. By default, the size of the IPv6 TCP send/receive buffer is 8 KB. tcp ipv6 window size undo tcp ipv6 window System view Parameter size: Specifies the size of the IPv6 TCP send/receive buffer in KB (kilobyte), ranging from 1 to 32. # Set the size of the IPv6 TCP send/receive buffer to 4 KB. [Sysname] tcp ipv6 window 4 178

186 DHCPv6 configuration commands DHCPv6 common configuration commands display ipv6 dhcp duid Use the display ipv6 dhcp duid command to view DUID of the local device. display ipv6 dhcp duid [ { begin exclude include } regular-expression ] Any view 1: Monitor level : Filters command output by specifying a regular expression. For more information about regular expressions, see Fundamentals Configuration Guide. begin: Displays the first line that matches the specified regular expression and all lines that follow. exclude: Displays all lines that do not match the specified regular expression. include: Displays all lines that match the specified regular expression. regular-expression: Specifies a regular expression, a case-sensitive string of 1 to 256 characters. # Display the DUID of the device. <Sysname> display ipv6 dhcp duid The DUID of this device: e0-fc DHCPv6 relay agent configuration commands display ipv6 dhcp relay server-address Use the display ipv6 dhcp relay server-address command to display information about DHCPv6 server addresses specified on the DHCPv6 relay agent. display ipv6 dhcp relay server-address { all interface interface-type interface-number } [ { begin exclude include } regular-expression ] 179

187 s Any view 1: Monitor level all: Displays all DHCPv6 server address information. interface interface-type interface-number: Displays DHCPv6 server address information of the specified interface. : Filters command output by specifying a regular expression. For more information about regular expressions, see Fundamentals Configuration Guide. begin: Displays the first line that matches the specified regular expression and all lines that follow. exclude: Displays all lines that do not match the specified regular expression. include: Displays all lines that match the specified regular expression. regular-expression: Specifies a regular expression, a case-sensitive string of 1 to 256 characters. # Display all the DHCPv6 server address information. <Sysname> display ipv6 dhcp relay server-address all Interface: Vlan2 Server address(es) 1::1 FF02::1:2 Output Interface Vlan4 Interface: Vlan3 Server address(es) 1::1 FF02::1:2 Output Interface Vlan4 # Display DHCPv6 server address information of VLAN-interface 2. <Sysname> display ipv6 dhcp relay server-address interface vlan-interface 2 Interface: Vlan2 Server address(es) Output Interface 1::1 FF02::1:2 Vlan4 Table 41 Command output Field Interface Server addresses Output Interface Interface that serves as the DHCPv6 relay agent DHCPv6 server addresses specified on the interface Outgoing interface of DHCPv6 packets 180

188 display ipv6 dhcp relay statistics Use the display ipv6 dhcp relay statistics command to display packet statistics on the DHCPv6 relay agent. Related commands: reset ipv6 dhcp relay statistics. display ipv6 dhcp relay statistics [ { begin exclude include } regular-expression ] Any view 1: Monitor level : Filters command output by specifying a regular expression. For more information about regular expressions, see Fundamentals Configuration Guide. begin: Displays the first line that matches the specified regular expression and all lines that follow. exclude: Displays all lines that do not match the specified regular expression. include: Displays all lines that match the specified regular expression. regular-expression: Specifies a regular expression, a case-sensitive string of 1 to 256 characters. # Display packet statistics on the DHCPv6 relay agent. <Sysname> display ipv6 dhcp relay statistics Packets dropped : 4 Error : 4 Excess of rate limit : 0 Packets received : 14 SOLICIT : 0 REQUEST : 0 CONFIRM : 0 RENEW : 0 REBIND : 0 RELEASE : 0 DECLINE : 0 INFORMATION-REQUEST : 7 RELAY-FORWARD : 0 RELAY-REPLY : 7 Packets sent : 14 ADVERTISE : 0 RECONFIGURE : 0 REPLY : 7 RELAY-FORWARD : 7 181

189 RELAY-REPLY : 0 Table 42 Command output Field Packets dropped Error Excess of rate limit Packets received SOLICIT REQUEST CONFIRM RENEW REBIND RELEASE DECLINE INFORMATION-REQUEST RELAY-FORWARD RELAY-REPLY Packets sent ADVERTISE RECONFIGURE REPLY RELAY-FORWARD RELAY-REPLY Number of discarded packets Number of discarded error packets Number of packets discarded due to excess of rate limit Number of received packets Number of received solicit packets Number of received request packets Number of received confirm packets Number of received renew packets Number of received rebind packets Number of received release packets Number of received decline packets Number of received information request packets Number of received relay-forward packets Number of received relay-reply packets Number of sent packets Number of sent advertise packets Number of sent reconfigure packets Number of sent reply packets Number of sent Relay-forward packets Number of sent Relay-reply packets ipv6 dhcp relay server-address Use the ipv6 dhcp relay server-address command to enable DHCPv6 relay agent on the interface and specify a DHCPv6 server. Use the undo ipv6 dhcp relay server-address command to remove the DHCPv6 server from the interface. By default, DHCPv6 relay agent is disabled and no DHCPv6 server is specified on the interface. Upon receiving a request from a DHCPv6 client, the interface that operates as a DHCPv6 relay agent encapsulates the request into a Relay-forward message and forwards the message to the specified DHCPv6 server, which then assigns an IPv6 address and other configuration parameters to the DHCPv6 client. Executing the ipv6 dhcp relay server-address command repeatedly can specify multiple DHCPv6 servers, and up to eight DHCP servers can be specified for an interface. After receiving requests from DHCPv6 clients, the DHCPv6 relay agent forwards the requests to all the specified DHCPv6 servers. 182

190 If the DHCPv6 server address is a link-local address or link-scoped multicast address on the local link, you must specify an outgoing interface. If no outgoing interface is specified, DHCPv6 packets may fail to be forwarded to the DHCPv6 server. After you remove all the specified DHCPv6 servers from an interface with the undo ipv6 dhcp relay server-address command, DHCPv6 relay agent is disabled on the interface. An interface cannot serve as a DHCPv6 client and DHCPv6 relay agent at the same time. Related commands: display ipv6 dhcp relay server-address. ipv6 dhcp relay server-address ipv6-address [ interface interface-type interface-number ] undo ipv6 dhcp relay server-address ipv6-address [ interface interface-type interface-number ] Interface view ipv6-address: Specifies the IPv6 address of the DHCPv6 server. interface interface-type interface-number: Specifies an outgoing interface for DHCPv6 packets. # Enable DHCPv6 relay agent on VLAN-interface 2, and specify the DHCPv6 server address as 2001:1::3. [Sysname] interface vlan-interface 2 [Sysname-Vlan-interface2] ipv6 dhcp relay server-address 2001:1::3 reset ipv6 dhcp relay statistics Use the reset ipv6 dhcp relay statistics command to clear packets statistics on the DHCPv6 relay agent. After this command is executed, the packets statistics is displayed as 0 when you use the display ipv6 dhcp relay statistics command. Related commands: display ipv6 dhcp relay statistics. reset ipv6 dhcp relay statistics User view 1: Monitor level 183

191 None # Clear packet statistics on the DHCPv6 relay agent. <Sysname> reset ipv6 dhcp relay statistics DHCPv6 client configuration commands display ipv6 dhcp client s Use the display ipv6 dhcp client command to display DHCPv6 client information. With no parameters specified, the DHCPv6 client information of all the interfaces is displayed. display ipv6 dhcp client [ interface interface-type interface-number ] [ { begin exclude include } regular-expression ] Any view 1: Monitor level interface interface-type interface-number: Displays the DHCPv6 client information of a specified interface. : Filters command output by specifying a regular expression. For more information about regular expressions, see Fundamentals Configuration Guide. begin: Displays the first line that matches the specified regular expression and all lines that follow. exclude: Displays all lines that do not match the specified regular expression. include: Displays all lines that match the specified regular expression. regular-expression: Specifies a regular expression, a case-sensitive string of 1 to 256 characters. # Display the DHCPv6 client information of VLAN-interface 2. <Sysname> display ipv6 dhcp client interface vlan-interface 2 Vlan-interface2 is in stateless DHCPv6 client mode State is OPEN Preferred Server: Reachable via address DUID DNS servers : 1:2:3::5 Domain names : FE80::213:7FFF:FEF6:C818 : ff6c818 1:2:4::7 : abc.com 184

192 Table 43 Command output Field in stateless DHCPv6 client mode State is OPEN Preferred Server Reachable via address DUID DNS servers Domain names Indicates the client is in the stateless DHCPv6 configuration mode Current state of the DHCPv6 client: INIT After enabled, the DHCPv6 client enters the INIT state IDLE After receiving an RA message with the M flag set to 0 and O flag set to 1 and enabled with stateless DHCPv6, the DHCPv6 client enters the IDLE state INFO-REQUESTING The DHCPv6 client is requesting configuration information OPEN DHCPv6 client successfully obtained configuration parameters and completed stateless configuration based on the obtained parameters Information about the DHCPv6 server selected by the DHCPv6 client Reachable address, which is the link local address of the DHCPv6 server or relay agent DUID of the DHCPv6 server DNS server address sent by the DHCPv6 server Domain name information sent by the DHCPv6 server display ipv6 dhcp client statistics Use the display ipv6 dhcp client statistics command to display DHCPv6 client statistics. With no parameters specified, DHCPv6 client statistics of all the interfaces is displayed. Related commands: reset ipv6 dhcp client statistics. display ipv6 dhcp client statistics [ interface interface-type interface-number ] [ { begin exclude include } regular-expression ] Any view 1: Monitor level interface interface-type interface-number: Displays the DHCPv6 client statistics of a specified interface. : Filters command output by specifying a regular expression. For more information about regular expressions, see Fundamentals Configuration Guide. begin: Displays the first line that matches the specified regular expression and all lines that follow. exclude: Displays all lines that do not match the specified regular expression. 185

193 include: Displays all lines that match the specified regular expression. regular-expression: Specifies a regular expression, a case-sensitive string of 1 to 256 characters. # Display DHCPv6 client statistics of VLAN-interface 2. <Sysname> display ipv6 dhcp client statistics interface vlan-interface 2 Interface : Vlan-interface2 Packets Received : 1 Reply : 1 Advertise : 0 Reconfigure : 0 Invalid : 0 Packets Sent : 5 Solicit : 0 Request : 0 Confirm : 0 Renew : 0 Rebind : 0 Information-request : 5 Release : 0 Decline : 0 Table 44 Command output Field Interface Packets Received Reply Advertise Reconfigure Invalid Packets Sent Solicit Request Confirm Renew Rebind Information-request Release Decline Interface that servers as the DHCPv6 client Number of received packets Number of received reply packets Number of received advertise packets Number of received reconfigure packets Number of invalid packets Number of sent packets Number of sent solicit packets Number of sent request packets Number of sent confirm packets Number of sent renew packets Number of sent rebind packets Number of sent information request packets Number of sent release packets Number of sent decline packets 186

194 reset ipv6 dhcp client statistics Parameter Use the reset ipv6 dhcp client statistics command to clear DHCPv6 client statistics. With no parameters specified, DHCPv6 client statistics of all the interfaces is cleared. After this command is executed, the packets statistics is displayed as 0 when you use the display ipv6 dhcp client statistics command. Related commands: display ipv6 dhcp client statistics. reset ipv6 dhcp client statistics [ interface interface-type interface-number ] User view 1: Monitor level interface interface-type interface-number: Clears DHCPv6 client statistics of a specified interface. # Clear DHCPv6 client statistics of all the interfaces. <Sysname> reset ipv6 dhcp client statistics DHCPv6 snooping configuration commands display ipv6 dhcp snooping trust Use the display ipv6 dhcp snooping trust command to display DHCPv6 snooping trusted ports. display ipv6 dhcp snooping trust [ { begin exclude include } regular-expression ] Any view 1: Monitor level : Filters command output by specifying a regular expression. For more information about regular expressions, see Fundamentals Configuration Guide. begin: Displays the first line that matches the specified regular expression and all lines that follow. exclude: Displays all lines that do not match the specified regular expression. 187

195 include: Displays all lines that match the specified regular expression. regular-expression: Specifies a regular expression, a case-sensitive string of 1 to 256 characters. # Display DHCPv6 snooping trusted ports. <Sysname> display ipv6 dhcp snooping trust Trusted ports include: GigabitEthernet1/0/1 GigabitEthernet1/0/2 display ipv6 dhcp snooping user-binding Use the display ipv6 dhcp snooping user-binding command to display DHCPv6 snooping entries. display ipv6 dhcp snooping user-binding { ipv6-address dynamic } [ { begin exclude include } regular-expression ] Any view 1: Monitor level ipv6-address: Displays DHCPv6 snooping entries of the specified IPv6 address. dynamic: Displays all DHCPv6 snooping entries. : Filters command output by specifying a regular expression. For more information about regular expressions, see Fundamentals Configuration Guide. begin: Displays the first line that matches the specified regular expression and all lines that follow. exclude: Displays all lines that do not match the specified regular expression. include: Displays all lines that match the specified regular expression. regular-expression: Specifies a regular expression, a case-sensitive string of 1 to 256 characters. # Display all DHCPv6 snooping entries. <Sysname> display ipv6 dhcp snooping user-binding dynamic IPv6 Address MAC Address Lease VLAN Interface ============================== ============== ========== ==== ================== 2::1 00e0-fc GigabitEthernet1/0/ DHCPv6 snooping item(s) found --- Table 45 Command output Field IPv6 Address IPv6 address in the DHCPv6 snooping entry 188

196 Field MAC Address Lease VLAN Interface MAC address in the DHCPv6 snooping entry Remaining lease of the DHCPv6 snooping entry, in seconds VLAN to which the interface belongs Interface through which the DHCPv6 client is connected ipv6 dhcp snooping enable Use the ipv6 dhcp snooping enable command to enable DHCPv6 snooping globally. Use the undo ipv6 dhcp snooping enable command to disable DHCPv6 snooping globally. By default, global DHCPv6 snooping is disabled. After DHCPv6 snooping is enabled in system view, the DHCPv6 snooping device discards DHCPv6 reply messages received by an untrusted port if any, and does not record these DHCPv6 snooping entries. ipv6 dhcp snooping enable undo ipv6 dhcp snooping enable System view None # Enable DHCPv6 snooping globally. [Sysname] ipv6 dhcp snooping enable ipv6 dhcp snooping max-learning-num Use the ipv6 dhcp snooping max-learning-num command to configure the maximum number of DHCPv6 snooping entries an interface can learn. Use the undo ipv6 dhcp snooping max-learning-num command to restore the default. By default, the number of DHCPv6 snooping entries learned by an interface is not limited. ipv6 dhcp snooping max-learning-num number undo ipv6 dhcp snooping max-learning-num 189

197 Parameter Layer 2 Ethernet port view, Layer 2 aggregate interface view number: Specifies the maximum number of DHCPv6 snooping entries an interface can learn, ranging from 0 to # Set the maximum number of DHCPv6 snooping entries Layer 2 Ethernet port GigabitEthernet 1/0/1 can learn to [Sysname] interface GigabitEthernet 1/0/1 [Sysname-GigabitEthernet1/0/1] ipv6 dhcp snooping max-learning-num 1000 ipv6 dhcp snooping trust Use the ipv6 dhcp snooping trust command to configure a DHCPv6 trusted port. Use the undo ipv6 dhcp snooping trust command to restore the default. By default, all interfaces of a device with DHCPv6 snooping enabled globally are untrusted ports. After DHCPv6 snooping is enabled, to ensure that DHCPv6 clients can obtain IPv6 addresses from an authorized DHCPv6 server, you need to configure the port that connects to the authorized DHCPv6 server as a trusted port. ipv6 dhcp snooping trust undo ipv6 dhcp snooping trust Layer 2 Ethernet port view, Layer 2 aggregate interface view None # Configure Ethernet port GigabitEthernet 1/0/1 as a trusted port. [Sysname] interface GigabitEthernet 1/0/1 [Sysname-GigabitEthernet1/0/1] ipv6 dhcp snooping trust 190

198 ipv6 dhcp snooping vlan enable Use the ipv6 dhcp snooping vlan enable command to enable DHCPv6 snooping for a specific VLAN. Use the undo ipv6 dhcp snooping vlan enable command to disable DHCPv6 snooping for a specific VLAN. By default, DHCPv6 snooping is disabled for a VLAN. After DHCPv6 snooping is enabled globally and then enabled for a VLAN, the DHCPv6 snooping device records DHCPv6 snooping entries according to the DHCPv6 packets received in the VLAN. Meanwhile, upon receiving a DHCPv6 request from a client in the VLAN, the device forwards the packet through trusted ports rather than any untrusted port in the VLAN, thus reducing network traffic. ipv6 dhcp snooping vlan enable undo ipv6 dhcp snooping vlan enable VLAN view None # Enable DHCPv6 snooping for VLAN 1. [Sysname] vlan 1 [Sysname-vlan1] ipv6 dhcp snooping vlan enable reset ipv6 dhcp snooping user-binding Parameter Use the reset ipv6 dhcp snooping user-binding command to clear DHCPv6 snooping entries. reset ipv6 dhcp snooping user-binding { ipv6-address dynamic } User view ipv6-address: Clears DHCPv6 snooping entries of the specified IPv6 address. 191

199 dynamic: Clears all DHCPv6 snooping entries. # Clear all DHCPv6 snooping entries. <Sysname> reset ipv6 dhcp snooping user-binding dynamic 192

200 Tunneling configuration commands default Use the default command to restore the default settings for the tunnel interface. This command might fail to restore the default settings for some commands for reasons such as command dependencies and system restrictions. You can use the display this command in interface view to check for these commands, and perform their undo forms or follow the command reference to individually restore their default settings. If your restoration attempt still fails, follow the error message to resolve the problem. default CAUTION: The default command might interrupt ongoing network services. Make sure you are fully aware of the impacts of this command when you perform it on a live network. Tunnel interface view None description # Restore the default settings of interface tunnel 1. [Sysname] interface tunnel 1 [Sysname-Tunnel1] default This command will restore the default settings. Continue? [Y/N]:y Use the description command to configure a description for the current interface. Use the undo description command to restore the default. By default, the description of a tunnel interface is Tunnelnumber Interface, for example, Tunnel1 Interface. Related commands: display interface tunnel. 193

201 description text undo description Parameter Tunnel interface view destination text: Describes an interface, a string of 1 to 80 characters. # Configure the description of interface Tunnel 1 as tunnel1. [Sysname] interface tunnel 1 [Sysname-Tunnel1] description tunnel1 Use the destination command to specify the destination address for the tunnel interface. Use the undo destination command to remove the configured tunnel destination address. By default, no tunnel destination address is configured. The tunnel destination address is the address of the peer interface receiving packets and should be configured as the source address of the peer tunnel interface. Automatic tunnel interfaces using the same encapsulation protocol must have different source addresses. Manual tunnel interfaces using the same encapsulation protocol must have different source and destination addresses. Related commands: source, interface tunnel, display interface tunnel, and display ipv6 interface tunnel. destination { ip-address ipv6-address } undo destination Tunnel interface view ip-address: Specifies the tunnel destination IPv4 address. ipv6-address: Specifies the tunnel destination IPv6 address. 194

202 # Configure interface VLAN-interface 100 ( ) of Sysname 1 and interface VLAN-interface 100 ( ) of Sysname 2 as the source and destination interfaces of a tunnel between the two devices, respectively. <Sysname1> system-view [Sysname1] interface tunnel 0 [Sysname1-Tunnel0] source [Sysname1-Tunnel0] destination <Sysname2> system-view [Sysname2] interface tunnel 1 [Sysname2-Tunnel1] source [Sysname2-Tunnel1] destination display interface tunnel Use the display interface tunnel command to display information about tunnel interfaces, such as the source address, destination address, and tunnel mode. If you do not specify the tunnel keyword, this command displays information about all interfaces on the device. If you specify the tunnel keyword without the number argument, this command displays information about all existing tunnel interfaces. Related commands: interface tunnel, source, destination, and tunnel-protocol. display interface [ tunnel ] [ brief [ down ] ] [ { begin exclude include } regular-expression ] display interface tunnel number [ brief ] [ { begin exclude include } regular-expression ] Any view 1: Monitor level number: Specifies the number of a tunnel interface. With this argument, the command displays information about the specified tunnel interface. brief: Displays brief interface information. If you do not specify this keyword, the command displays detailed interface information. down: Displays information about interfaces in the DOWN state and the causes. If you do not specify this keyword, this command displays information about interfaces in all states. : Filters command output by specifying a regular expression. For more information about regular expressions, see Fundamentals Configuration Guide. begin: Displays the first line that matches the specified regular expression and all lines that follow. exclude: Displays all lines that do not match the specified regular expression. 195

203 include: Displays all lines that match the specified regular expression. regular-expression: Specifies a regular expression, a case-sensitive string of 1 to 256 characters. s # Display detailed information about interface Tunnel 0. <Sysname> display interface tunnel 0 Tunnel0 current state: UP Line protocol current state: UP : Tunnel0 Interface The Maximum Transmit Unit is 1476 Internet Address is /24 Primary Encapsulation is TUNNEL, service-loopback-group ID is 1. Tunnel source (Vlan-interface2000), destination Tunnel bandwidth 64 (kbps) Tunnel protocol/transport GRE/IP GRE key disabled Checksumming of GRE packets disabled Last clearing of counters: Never Last 300 seconds input: 0 bytes/sec, 0 packets/sec Last 300 seconds output: 28 bytes/sec, 0 packets/sec 1847 packets input, bytes 0 input error 5572 packets output, bytes 0 output error Table 46 Command output Field Tunnel0 current state Line protocol current state Maximum Transmit Unit Internet Address Physical state of the tunnel interface: DOWN (Administratively) Indicates that the interface is down administratively; that is, the interface is shut down with the shutdown command DOWN Indicates that the interface is up administratively, but its physical state is down UP Indicates that both the administrative and physical states of the interface are up Link layer state of the tunnel interface: DOWN Indicates that the protocol state of the interface is down UP Indicates that the protocol state of the interface is up of the tunnel interface Maximum transmit unit allowed on the tunnel interface IP address of the tunnel interface If no IP address is assigned to the interface, "Internet protocol processing : disabled" will be displayed, which means that packets cannot be processed "Primary" indicates the primary IP address of the interface; "Sub" indicates a secondary IP address of the interface 196

204 Field Encapsulation is TUNNEL service-loopback-group ID Tunnel source destination Tunnel bandwidth Encapsulation protocol is tunnel ID of the service loopback group referenced by the tunnel If service loopback group is not specified, "service-loopback-group ID not set" will be displayed Source address of the tunnel Destination address of the tunnel Bandwidth of the tunnel interface Tunnel mode and transport protocol: GRE/IP GRE over IPv4 tunnel mode GRE/IPv6 GRE over IPv6 tunnel mode IP/IP IPv4 over IPv4 tunnel mode Tunnel protocol/transport IP/IPv6 IPv4 over IPv6 tunnel mode IPv6/IP IPv6 over IPv4 manual tunnel mode IPv6/IP 6to4 IPv6 over IPv4 6to4 tunnel mode IPv6/IP ISATAP IPv6 over IPv4 ISATAP tunnel mode IPv6/IPv6 IPv6 over IPv6 tunnel mode GRE key disabled Checksumming of GRE packets disabled Last clearing of counters Last 300 seconds input: 0 bytes/sec, 0 packets/sec Last 300 seconds output: 0 bytes/sec, 0 packets/sec packets input input error packets output output error Tunnel interface key option of GRE is not configured GRE packet checksum function is disabled Last time of clearing of counters Average input rate in the last 300 seconds in bytes/sec or packets/sec Average output rate in the last 300 seconds in bytes/sec or packets/sec Total number of input packets Number of input error packets Total number of output packets Number of output error packets # Display brief information about interface Tunnel 0. <Sysname> display interface tunnel 0 brief The brief information of interface(s) under route mode: Link: ADM - administratively down; Stby - standby Protocol: (s) - spoofing Interface Link Protocol Main IP Tun0 UP UP # Display brief information about interface Tunnel 1 in the DOWN state. <Sysname> display interface tunnel brief down The brief information of interface(s) under route mode: Link: ADM - administratively down; Stby - standby 197

205 Interface Tun1 Link Cause DOWN Not connected Table 47 Command output Field The brief information of interfaces under route mode Link: ADM - administratively down; Stby - standby Protocol: (s) - spoofing Interface Link Protocol Main IP Cause Brief information about Layer 3 interfaces Link status: ADM Interface has been shut down administratively; to recover its physical state, perform the undo shutdown command Stby Interface is a backup interface; to see the primary interface, use the display standby state command in the High Availability Command Reference (s) indicates that the network layer protocol state is UP, but the link is not available because it is an on-demand link or not present at all Abbreviated interface name Physical link state of the interface: UP Link is up DOWN Link is down ADM Link has been shut down administratively; to bring it up, perform the undo shutdown command Stby Interface is a backup interface Protocol state: DOWN Protocol is disabled UP Protocol is enabled Primary IP address of the interface of the interface Cause of a DOWN physical link If the port has been shut down with the shutdown command, this field displays Administratively To bring up the port, use the undo shutdown command display ipv6 interface tunnel Use the display ipv6 interface tunnel command to display IPv6 information for tunnel interfaces. display ipv6 interface tunnel [ number ] [ brief ] [ { begin exclude include } regular-expression ] Any view 1: Monitor level 198

206 s number: Displays IPv6 information on a specific tunnel interface. If no interface number is specified, IPv6 information about all tunnel interfaces will be displayed. brief: Displays brief information of tunnel interfaces. If this keyword is not specified, detailed information and IPv6 packet statistics for tunnel interfaces are displayed. : Filters command output by specifying a regular expression. For more information about regular expressions, see Fundamentals Configuration Guide. begin: Displays the first line that matches the specified regular expression and all lines that follow. exclude: Displays all lines that do not match the specified regular expression. include: Displays all lines that match the specified regular expression. regular-expression: Specifies a regular expression, a case-sensitive string of 1 to 256 characters. # Display detailed IPv6 information and IPv6 packet statistics for interface Tunnel 0. <Sysname> display ipv6 interface tunnel 0 Tunnel0 current state :UP Line protocol current state :UP IPv6 is enabled, link-local address is FE80::202:201 Global unicast address(es): 3000::1, subnet is 3000::/64 Joined group address(es): FF02::1:FF02:201 FF02::1:FF00:1 FF02::1:FF00:0 FF02::2 FF02::1 MTU is 1480 bytes ND reachable time is milliseconds ND retransmit interval is 1000 milliseconds Hosts use stateless autoconfig for addresses IPv6 Packet statistics: InReceives: 45 InTooShorts: 0 InTruncatedPkts: 0 InHopLimitExceeds: 0 InBadHeaders: 0 InBadOptions: 0 ReasmReqds: 0 ReasmOKs: 0 InFragDrops: 0 InFragTimeouts: 0 OutFragFails: 0 InUnknownProtos: 0 InDelivers: 45 OutRequests: 45 OutForwDatagrams: 0 199

207 InNoRoutes: 0 InTooBigErrors: 0 OutFragOKs: 0 OutFragCreates: 0 InMcastPkts: 0 InMcastNotMembers: 0 OutMcastPkts: 0 InAddrErrors: 0 InDiscards: 0 OutDiscards: 0 Table 48 Command output Field Tunnel0 current state Line protocol current state IPv6 is enabled link-local address Global unicast addresses Joined group addresses MTU is 1480 bytes ND reachable time ND retransmit interval Hosts use stateless autoconfig for addresses InReceives InTooShorts InTruncatedPkts InHopLimitExceeds InBadHeaders Physical state of the tunnel interface: Administratively DOWN Indicates that the interface is down administratively; that is, the interface is shut down with the shutdown command DOWN Indicates that the interface is up administratively, but its physical state is down UP Indicates that both the administrative and physical states of the interface are up Link layer state of the tunnel interface: DOWN Indicates that the protocol state of the interface is down UP Indicates that the protocol state of the interface is up IPv6 packet forwarding state of the tunnel interface IPv6 packet forwarding is automatically enabled after an IPv6 address is assigned to the interface. IPv6 packet forwarding is enabled in the example Link-local address configured for the tunnel interface Global unicast addresses configured for the tunnel interface Multicast addresses of the tunnel interface Maximum transmission unit of the tunnel interface; it is 1480 bytes in the example Neighbor reachable time Interval for retransmitting a neighbor solicitation message Hosts use stateless autoconfiguration mode to acquire IPv6 addresses All IPv6 packets received by the tunnel interface, including types of error packets Received IPv6 packets that are too short, with a length less than 40 bytes, for example Received IPv6 packets with a length less than that specified in the packets Received IPv6 packets with a hop count exceeding the limit Received IPv6 packets with bad basic headers 200

208 Field InBadOptions ReasmReqds ReasmOKs InFragDrops InFragTimeouts OutFragFails InUnknownProtos InDelivers OutRequests OutForwDatagrams InNoRoutes InTooBigErrors OutFragOKs OutFragCreates InMcastPkts InMcastNotMembers OutMcastPkts InAddrErrors InDiscards OutDiscards Received IPv6 packets with bad extension headers Received IPv6 fragments Number of packets after reassembly rather than the number of fragments IPv6 fragments discarded due to certain errors IPv6 fragments discarded because the interval for which they had stayed in the system buffer exceeded the specified period Packets failed in fragmentation on the outbound interface Received IPv6 packets with unknown or unsupported protocol type Received IPv6 packets that were delivered to application layer protocols (such as ICMPv6, TCP, and UDP) Local IPv6 packets sent by IPv6 application protocols Packets forwarded by the outbound interface IPv6 packets that were discarded because no matched route can be found IPv6 packets that were received normally but discarded before they were forwarded because they exceeded the PMTU Packets that were fragmented on the outbound interface Number of packet fragments after fragmentation on the outbound interface IPv6 multicast packets received on the interface Incoming IPv6 multicast packets that were discarded because the interface did not belong to the corresponding multicast groups IPv6 multicast packets sent by the interface IPv6 packets that were discarded due to invalid destination addresses Received IPv6 packets that were discarded due to resource problems rather than packet content errors Sent packets that were discarded due to resource problems rather than packet content errors # Display brief IPv6 information for interface Tunnel 0. <Sysname> display ipv6 interface tunnel 0 brief *down: administratively down (s): spoofing Interface Physical Protocol IPv6 Address Tunnel0 up up 3000::1 Table 49 Command output Field *down The tunnel interface is administratively down; that is, the interface is closed by using the shutdown command 201

209 Field (s) Interface Physical Protocol IPv6 Address Spoofing attribute of the tunnel interface; that is, the link protocol state of the tunnel interface is up, but the link does not exist, or the link is established on demand, instead of being permanent Name of the tunnel interface Physical state of the tunnel interface: *down Indicates that the interface is down administratively; that is, the interface is shut down with the shutdown command down Indicates that the interface is up administratively, but its physical state is down up Indicates that both the administrative and physical states of the interface are up Link layer protocol state of the tunnel interface: down Indicates that the protocol state of the interface is down up Indicates that the protocol state of the interface is up IPv6 address of the tunnel interface Only the first of configured IPv6 addresses is displayed (if no address is configured for the interface, Unassigned will be displayed) encapsulation-limit Parameter Use the encapsulation-limit command to configure the maximum number of nested encapsulations of a packet in the tunnel. Use the undo encapsulation-limit command to remove the configured encapsulation limit. The encapsulation limit is only applicable to the IPv6 over IPv6 tunnel. encapsulation-limit [ number ] undo encapsulation-limit Tunnel interface view number: Specifies the number of nested encapsulations, ranging from 1 to 10. The default value is 4. # Configure the maximum number of nested encapsulations in a tunnel as 3. [Sysname] interface tunnel 2 [Sysname-Tunnel2] tunnel-protocol ipv6-ipv6 202

210 [Sysname-Tunnel2] encapsulation-limit 3 interface tunnel Parameter mtu Use the interface tunnel command to create a tunnel interface and enter its view. Use the undo interface tunnel command to delete a specific tunnel interface. By default, no tunnel interface is created on the device. Use the interface tunnel command to enter the interface view of a specific tunnel. If the specified tunnel interface does not exist, the system will create the interface and enter its view. A tunnel interface number is only locally significant. Thus, the tunnel interfaces on the two ends of a tunnel can use the same or different interface numbers. Related commands: display interface tunnel, display ipv6 interface tunnel, source, destination, and tunnel-protocol. interface tunnel number undo interface tunnel number System view number: Specifies the number of the tunnel interface. The number of tunnels that can be created is restricted by the total number of interfaces and the memory. # Create interface Tunnel 3 and enter its view. [Sysname] interface tunnel 3 [Sysname-Tunnel3] Use the mtu command to set the MTU on a tunnel interface. Use the undo mtu command to restore the default. By default, the MTU on a tunnel interface is 64,000 bytes. mtu mtu-size undo mtu 203

211 Parameter Tunnel interface view mtu-size: Specifies the MTU on the tunnel interface, ranging from 100 to 64,000 bytes. # Set the MTU for IPv4 packets on interface Tunnel 3 to 1432 bytes. [Sysname] interface tunnel 3 [Sysname-Tunnel3] mtu 1432 reset counters interface Parameter Use the reset counters interface command to clear the statistics of tunnel interfaces. Before sampling network traffic within a specific period of time on an interface, you need to clear the existing statistics. If neither the tunnel keyword nor interface number is specified, this command clears the statistics of all interfaces. If only the tunnel keyword is specified, this command clears the statistics of all tunnel interfaces. If both the tunnel keyword and interface number are specified, this command clears the statistics of the specified tunnel interface. reset counters interface [ tunnel [ number ] ] User view number: Specifies the tunnel interface number. # Clear the statistics of Tunnel 3. <Sysname> reset counters interface tunnel 3 service-loopback-group Use the service-loopback-group command to reference a service loopback group on the tunnel interface. 204

212 Use the undo service-loopback-group command to remove the referenced service loopback group from the tunnel interface. By default, no service loopback group is referenced on a tunnel interface. The service loopback group to be referenced must have been configured and have the service type set to tunnel in system view. One tunnel interface can reference only one service loopback group. Related commands: display interface tunnel; service-loopback group (Layer 2 LAN Switching Command Reference). service-loopback-group number undo service-loopback-group Parameter s service Tunnel interface view number: Specifies the service loopback group ID. # Create service loopback group 1 of tunnel type. [Sysname] service-loopback group 1 type tunnel # Add a Layer 2 Ethernet port to service loopback group 1. [Sysname] interface GigabitEthernet 1/0/1 [Sysname-GigabitEthernet1/0/1] undo stp enable [Sysname-GigabitEthernet1/0/1] undo lldp enable [Sysname-GigabitEthernet1/0/1] port service-loopback group 1 [Sysname-GigabitEthernet1/0/1] quit # Reference service loopback group 1 on interface Tunnel 2. [Sysname] interface tunnel 2 [Sysname-Tunnel2] service-loopback-group 1 Use the service command to specify an IRF member switch to forward traffic on the current tunnel interface. Use the undo service command to restore the default. By default, no service IRF member switch is specified for forwarding traffic on the current tunnel interface. Note that: 205

213 Parameter shutdown If no IRF member switch is specified for forwarding the traffic on the current interface, a GRE, IPv4 over IPv4, or IPv4 over IPv6 tunnel automatically selects an IRF member switch. If the specified source interface is a virtual interface such as a loopback interface, or no source interface is specified but the outbound interface of the route to the destination address is a virtual interface, the GRE, IPv4 over IPv4, or IPv4 over IPv6 tunnel uses the master device to process traffic on the current tunnel interface. To prevent overload on the master device, specify an IRF member switch to forward the traffic on the tunnel interface by using the service command. If the specified IRF member switch quits IRF, traffic on the tunnel interface cannot be forwarded even if the tunnel interface is up. Then if the device re-joins IRF, traffic forwarding recovers. service slot slot-number undo service slot Tunnel interface view slot slot-number: Specifies an IRF member switch. The slot-number argument specifies the ID of the IRF member switch. The value range for the argument depends on the number of member switches and their member IDs in the IRF fabric, which you can display with the display irf command. On a standalone switch, the slot-number argument specifies the ID of the switch. # Specify IRF member switch 2 to forward traffic on interface Tunnel 2. [Sysname] interface tunnel 2 [Sysname-Tunnel2] service slot 2 Use the shutdown command to shut down a tunnel interface. Use the undo shutdown command to bring up a tunnel interface. By default, a tunnel interface is in the up state. shutdown undo shutdown Tunnel interface view 206

214 source None # Shut down interface Tunnel 1. [Sysname] interface tunnel 1 [Sysname-Tunnel1] shutdown Use the source command to specify the source address or interface of the tunnel interface. Use the undo source command to remove the configured source address or interface of the tunnel interface. By default, no source address or interface is specified for the tunnel interface. The tunnel source address is the address of the interface sending packets and should be configured as the destination address of the peer tunnel interface. Automatic tunnel interfaces using the same encapsulation protocol must have different source addresses. Manual tunnel interfaces using the same encapsulation protocol must have different source and destination addresses. Related commands: destination, interface tunnel, display interface tunnel, and display ipv6 interface tunnel. source { ip-address ipv6-address interface-type interface-number } undo source Tunnel interface view ip-address: Specifies the tunnel source IPv4 address. ipv6-address: Specifies the tunnel source IPv6 address. interface-type interface-number: Specifies an interface, which can be a VLAN interface, Layer 3 Ethernet port, tunnel interface, or loopback interface. # Set the tunnel source address to (or the interface VLAN-interface 100) on the interface Tunnel 5. [Sysname] interface tunnel 5 [Sysname-Tunnel5] source

215 Or [Sysname] interface tunnel 5 [Sysname-Tunnel5] source vlan-interface 100 tunnel bandwidth Parameter Use the tunnel bandwidth command to set the bandwidth of the tunnel interface. Use the undo tunnel bandwidth command to restore the default. By default, the bandwidth of the tunnel interface is 64 kbps. The tunnel interface bandwidth set with the tunnel bandwidth command is for dynamical routing protocols to calculate the cost of a tunnel path, rather than changes the bandwidth of the tunnel interface. Refer to the bandwidth of the output interface of the packet when you set the bandwidth of the tunnel interface. tunnel bandwidth bandwidth-value undo tunnel bandwidth Tunnel interface view bandwidth-value: Specifies the bandwidth value of the tunnel interface in kbps, ranging from 1 to 10,000,000. # Configure the bandwidth of Tunnel 0 as 100 kbps. [Sysname] interface tunnel 0 [Sysname-Tunnel0] tunnel bandwidth 100 tunnel discard ipv4-compatible-packet Use the tunnel discard ipv4-compatible-packet command to enable dropping of IPv6 packets using IPv4- compatible IPv6 addresses. Use the undo tunnel discard ipv4-compatible-packet command to restore the default. By default, IPv6 packets using IPv4-compatible IPv6 addresses are not dropped. The tunnel discard ipv4-compatible-packet command enables the device to check the source and destination IPv6 addresses of the de-encapsulated IPv6 packets from the tunnel and discard packets that use a source or destination IPv4-compatible IPv6 address. 208

216 tunnel discard ipv4-compatible-packet undo tunnel discard ipv4-compatible-packet System view None # Enable dropping of IPv6 packets using IPv4-compatible IPv6 addresses. [Sysname] tunnel discard ipv4-compatible-packet tunnel-protocol Use the tunnel-protocol command to specify the tunnel mode for the tunnel interface. Use the undo tunnel-protocol command to restore the default. The default tunnel is a GRE over IPv4 tunnel. You can select a tunnel mode according to the actual network topology and application. The two ends of a tunnel must have the same tunnel mode specified; otherwise, traffic transmission may fail. Only one automatic tunnel can be created at the start point of a tunnel. tunnel-protocol { gre [ ipv6 ] ipv4-ipv4 ipv4-ipv6 ipv6-ipv4 [ 6to4 isatap ] ipv6-ipv6 } undo tunnel-protocol Tunnel interface view gre: Specifies the GRE over IPv4 tunnel mode. gre ipv6: Specifies the GRE over IPv6 tunnel mode. ipv4-ipv4: Specifies the IPv4 over IPv4 tunnel mode. ipv4-ipv6: Specifies the IPv4 over IPv6 manual tunnel mode. ipv6-ipv4: Specifies the IPv6 over IPv4 manual tunnel mode. 209

217 ipv6-ipv4 6to4: Specifies the IPv6 over IPv4 6to4 tunnel mode. ipv6-ipv4 isatap: Specifies the IPv6 over IPv4 ISATAP tunnel mode. ipv6-ipv6: Specifies the IPv6 over IPv6 tunnel mode. # Specify the IPv4 over IPv4 tunnel mode for interface Tunnel 2. [Sysname] interface tunnel 2 [Sysname-Tunnel2] tunnel-protocol ipv4-ipv4 210

218 Support and other resources Contacting HP For worldwide technical support information, see the HP support website: Before contacting HP, collect the following information: Product model names and numbers Technical support registration number (if applicable) Product serial numbers Error messages Operating system type and revision level Detailed questions Subscription service HP recommends that you register your product at the Subscriber's Choice for Business website: After registering, you will receive notification of product enhancements, new driver versions, firmware updates, and other product resources. Related information Documents Websites To find related documents, browse to the Manuals page of the HP Business Support Center website: For related documentation, navigate to the Networking section, and select a networking category. For a complete list of acronyms and their definitions, see HP A-Series Acronyms. HP.com HP Networking HP manuals HP download drivers and software HP software depot 211

219 Conventions This section describes the conventions used in this documentation set. Command conventions Convention Boldface Italic Bold text represents commands and keywords that you enter literally as shown. Italic text represents arguments that you replace with actual values. [ ] Square brackets enclose syntax choices (keywords or arguments) that are optional. { x y... } [ x y... ] { x y... } * [ x y... ] * &<1-n> Braces enclose a set of required syntax choices separated by vertical bars, from which you select one. Square brackets enclose a set of optional syntax choices separated by vertical bars, from which you select one or none. Asterisk-marked braces enclose a set of required syntax choices separated by vertical bars, from which you select at least one. Asterisk-marked square brackets enclose optional syntax choices separated by vertical bars, from which you select one choice, multiple choices, or none. The argument or keyword and argument combination before the ampersand (&) sign can be entered 1 to n times. # A line that starts with a pound (#) sign is comments. GUI conventions Convention Boldface > Window names, button names, field names, and menu items are in bold text. For example, the New User window appears; click OK. Multi-level menus are separated by angle brackets. For example, File > Create > Folder. Symbols Convention WARNING CAUTION IMPORTANT NOTE TIP An alert that calls attention to important information that if not understood or followed can result in personal injury. An alert that calls attention to important information that if not understood or followed can result in data loss, data corruption, or damage to hardware or software. An alert that calls attention to essential information. An alert that contains additional or supplementary information. An alert that provides helpful information. 212

220 Network topology icons Represents a generic network device, such as a router, switch, or firewall. Represents a routing-capable device, such as a router or Layer 3 switch. Represents a generic switch, such as a Layer 2 or Layer 3 switch, or a router that supports Layer 2 forwarding and other Layer 2 features. Port numbering in examples The port numbers in this document are for illustration only and might be unavailable on your device. 213

221 Index A B D E F G I L M N O P R S T U V A dhcp server ping packets,26 dhcp server ping timeout,26 arp max-learning-num,1 dhcp server relay information enable,27 arp send-gratuitous-arp,8 dhcp server threshold,28 arp static,2 dhcp-snooping,80 arp timer aging,2 dhcp-snooping binding database filename,80 B dhcp-snooping binding database update interval,81 bims-server,20 dhcp-snooping binding database update now,82 bootfile-name,20 dhcp-snooping check mac-address,82 D dhcp-snooping check request-message,83 dhcp-snooping information circuit-id format-type,84 default,193 dhcp-snooping information circuit-id string,84 description,193 dhcp-snooping information enable,85 destination,194 dhcp-snooping information format,86 dhcp enable,21 dhcp-snooping information remote-id format-type,87 dhcp relay address-check enable,54 dhcp-snooping information remote-id string,87 dhcp relay check mac-address,55 dhcp-snooping information strategy,88 dhcp relay client-detect enable,55 dhcp-snooping trust,89 dhcp relay information circuit-id format-type,56 display arp,3 dhcp relay information circuit-id string,57 display arp ip-address,4 dhcp relay information enable,57 display arp timer aging,5 dhcp relay information format,58 display bootp client,96 dhcp relay information remote-id format-type,59 display dhcp client,76 dhcp relay information remote-id string,60 display dhcp relay,67 dhcp relay information strategy,60 display dhcp relay information,68 dhcp relay release ip,61 display dhcp relay security,69 dhcp relay security refresh enable,62 display dhcp relay security statistics,70 dhcp relay security static,62 display dhcp relay security tracker,71 dhcp relay security tracker,63 display dhcp relay server-group,72 dhcp relay server-detect,64 display dhcp relay statistics,72 dhcp relay server-group,64 display dhcp server conflict,29 dhcp relay server-select,65 display dhcp server expired,29 dhcp select relay,66 display dhcp server forbidden-ip,31 dhcp select server global-pool,22 display dhcp server free-ip,31 dhcp server apply ip-pool,22 display dhcp server ip-in-use,32 dhcp server detect,23 display dhcp server statistics,34 dhcp server forbidden-ip,24 display dhcp server tree,35 dhcp server ip-pool,25 display dhcp-snooping,90 214

222 display dhcp-snooping binding database,91 display dhcp-snooping information,92 display dhcp-snooping packet statistics,93 display dhcp-snooping trust,94 display dns domain,98 display dns host,99 display dns server,100 display fib,106 display fib ip-address,108 display icmp statistics,109 display interface tunnel,195 display ip host,101 display ip interface,14 display ip interface brief,16 display ip socket,110 display ip statistics,114 display ipv6 dhcp client,184 display ipv6 dhcp client statistics,185 display ipv6 dhcp duid,179 display ipv6 dhcp relay server-address,179 display ipv6 dhcp relay statistics,181 display ipv6 dhcp snooping trust,187 display ipv6 dhcp snooping user-binding,188 display ipv6 fib,131 display ipv6 fib ipv6-address,132 display ipv6 interface,134 display ipv6 interface tunnel,198 display ipv6 nd snooping,138 display ipv6 neighbors,139 display ipv6 neighbors count,141 display ipv6 pathmtu,142 display ipv6 socket,143 display ipv6 statistics,145 display local-proxy-arp,11 display proxy-arp,11 display tcp ipv6 statistics,148 display tcp ipv6 status,151 display tcp statistics,115 display udp ipv6 statistics,152 display udp statistics,118 display udp-helper server,127 dns domain,102 dns resolve,103 dns server,103 dns-list,37 domain-name,38 E encapsulation-limit,202 expired,38 F forbidden-ip,39 G gateway-list,40 gratuitous-arp-learning enable,9 gratuitous-arp-sending enable,9 I interface tunnel,203 ip address,18 ip address bootp-alloc,97 ip address dhcp-alloc,78 ip forward-broadcast (interface view),119 ip forward-broadcast (system view),120 ip host,104 ip redirects enable,120 ip ttl-expires enable,121 ip unreachables enable,121 ipv6,153 ipv6 address,154 ipv6 address anycast,154 ipv6 address auto,155 ipv6 address auto link-local,156 ipv6 address eui-64,157 ipv6 address link-local,157 ipv6 dhcp relay server-address,182 ipv6 dhcp snooping enable,189 ipv6 dhcp snooping max-learning-num,189 ipv6 dhcp snooping trust,190 ipv6 dhcp snooping vlan enable,191 ipv6 hoplimit-expires enable,158 ipv6 icmp-error,159 ipv6 icmpv6 multicast-echo-reply enable,159 ipv6 nd autoconfig managed-address-flag,160 ipv6 nd autoconfig other-flag,160 ipv6 nd dad attempts,161 ipv6 nd hop-limit,162 ipv6 nd ns retrans-timer,

223 ipv6 nd nud reachable-time,163 ipv6 nd ra halt,164 ipv6 nd ra interval,164 ipv6 nd ra no-advlinkmtu,165 ipv6 nd ra prefix,166 ipv6 nd ra router-lifetime,166 ipv6 nd snooping enable,167 ipv6 nd snooping max-learning-num,168 ipv6 neighbor,168 ipv6 neighbor stale-aging,169 ipv6 neighbors max-learning-num,170 ipv6 pathmtu,171 ipv6 pathmtu age,171 ipv6 prefer temporary-address,172 ipv6 unreachables enable,173 L local-proxy-arp enable,12 M mac-address station-move,6 mtu,203 N nbns-list,41 netbios-type,41 network,42 network ip range,43 network mask,44 next-server,44 O option,45 P proxy-arp enable,13 R reset arp,6 reset counters interface,204 reset dhcp relay statistics,74 reset dhcp server conflict,46 reset dhcp server ip-in-use,46 reset dhcp server statistics,47 reset dhcp-snooping,95 reset dhcp-snooping packet statistics,95 reset dns host,105 reset ip statistics,122 reset ipv6 dhcp client statistics,187 reset ipv6 dhcp relay statistics,183 reset ipv6 dhcp snooping user-binding,191 reset ipv6 nd snooping,173 reset ipv6 neighbors,174 reset ipv6 pathmtu,174 reset ipv6 statistics,175 reset tcp ipv6 statistics,175 reset tcp statistics,122 reset udp ipv6 statistics,176 reset udp statistics,123 reset udp-helper packet,127 S service,205 service-loopback-group,204 shutdown,206 source,207 static-bind client-identifier,47 static-bind ip-address,48 static-bind mac-address,49 T tcp ipv6 timer fin-timeout,176 tcp ipv6 timer syn-timeout,177 tcp ipv6 window,177 tcp path-mtu-discovery,123 tcp timer fin-timeout,124 tcp timer syn-timeout,125 tcp window,125 tftp-server domain-name,50 tftp-server ip-address,51 tunnel bandwidth,208 tunnel discard ipv4-compatible-packet,208 tunnel-protocol,209 U udp-helper enable,128 udp-helper port,129 udp-helper server,129 V vendor-class-identifier,51 voice-config,52 216